Earth Lusca Operation FishMedley espionage campaign
Campaign
Summary
Hide ▲
Show ▼
A multi-country espionage campaign tied to Earth Lusca / FishMonger is now linked to Operation FishMedley, a January–October 2022 effort that reached seven organizations across Taiwan, Hungary, Turkey, Thailand, France, and the U.S. The campaign matters because it shows coordinated targeting across multiple countries rather than a single isolated intrusion. The operation also reinforces the group's repeatable access and follow-on activity against government and organizational targets.
Related Happenings
SprySOCKS Windows backdoor activity against government organizations
Malware Activity
H score22
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
How related:
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.
About this happening:
**SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...
SprySOCKS Windows backdoor activity against government organizations
Malware ActivityHow related: Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.
About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...
FamousSparrow Middle East maritime and energy targeting campaign
Campaign
H score33
First: 29.05.2026 12:00
Last: 29.05.2026 12:00
Sources 1
About this happening:
China-aligned **FamousSparrow** escalated a **maritime and energy** espionage campaign across the **Middle East**, putting regional shipping and infrastructure intelligence at gre...
FamousSparrow Middle East maritime and energy targeting campaign
CampaignAbout this happening: China-aligned **FamousSparrow** escalated a **maritime and energy** espionage campaign across the **Middle East**, putting regional shipping and infrastructure intelligence at gre...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
CampaignAbout this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
H score38
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
H score40
First: 10.03.2026 12:55
Last: 10.03.2026 12:55
Sources 1
About this happening:
A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
APT28 long-term espionage campaign targeting Ukrainian military personnel
CampaignAbout this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
Timeline
-
16.06.2026 12:44 2 articles · 3h ago
Earth Lusca Operation FishMedley espionage campaign
Initial DisclosureOperation FishMedley is the earliest named multi-country campaign thread tied to **Earth Lusca / FishMonger** in this event set. Its first documented phase runs from **January to October 2022** and covers **seven organizations** across Asia, Europe, and the U.S.
Show sources
- China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth — thehackernews.com — 16.06.2026 12:44
- China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth — thehackernews.com — 16.06.2026 12:44