FishMonger multi-country government espionage campaign
Campaign
Summary
Hide ▲
Show ▼
FishMonger ran a multi-country espionage campaign against government bodies in Honduras, Taiwan, Thailand and Pakistan across 2023 and 2024. The activity points to a sustained public-sector collection effort rather than an isolated intrusion. The campaign matters because it shows repeated targeting across several jurisdictions using the same operator identity and backdoor-based access pattern.
Related Happenings
Earth Lusca Operation FishMedley espionage campaign
Campaign
H score38
First: 16.06.2026 12:44
Last: 16.06.2026 12:44
Sources 1
About this happening:
A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Earth Lusca Operation FishMedley espionage campaign
CampaignAbout this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical Analysis
H score34
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
How related:
New analysis from ESET identified two previously undocumented Windows versions of SprySOCKS, a backdoor it attributes to FishMonger, the China-based group widely linked to contractor I-Soon.
About this happening:
**ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical AnalysisHow related: New analysis from ESET identified two previously undocumented Windows versions of SprySOCKS, a backdoor it attributes to FishMonger, the China-based group widely linked to contractor I-Soon.
About this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...
SprySOCKS Windows backdoor activity against government organizations
Malware Activity
H score23
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
How related:
New analysis from ESET identified two previously undocumented Windows versions of SprySOCKS, a backdoor it attributes to FishMonger, the China-based group widely linked to contractor I-Soon.
About this happening:
**SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...
SprySOCKS Windows backdoor activity against government organizations
Malware ActivityHow related: New analysis from ESET identified two previously undocumented Windows versions of SprySOCKS, a backdoor it attributes to FishMonger, the China-based group widely linked to contractor I-Soon.
About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...
FamousSparrow Middle East maritime and energy targeting campaign
Campaign
H score33
First: 29.05.2026 12:00
Last: 29.05.2026 12:00
Sources 1
About this happening:
China-aligned **FamousSparrow** escalated a **maritime and energy** espionage campaign across the **Middle East**, putting regional shipping and infrastructure intelligence at gre...
FamousSparrow Middle East maritime and energy targeting campaign
CampaignAbout this happening: China-aligned **FamousSparrow** escalated a **maritime and energy** espionage campaign across the **Middle East**, putting regional shipping and infrastructure intelligence at gre...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
Campaign
H score26
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
CampaignAbout this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Timeline
-
16.06.2026 17:30 2 articles · 1h ago
FishMonger multi-country government espionage campaign
Initial DisclosureTelemetry first tied the **FishMonger** operation to **2023 and 2024** activity against **government bodies** in multiple countries. The early evidence already pointed to a sustained **espionage campaign**.
Show sources
- SprySOCKS Backdoor Expands From Linux to Windows — www.infosecurity-magazine.com — 16.06.2026 17:30
- SprySOCKS Backdoor Expands From Linux to Windows — www.infosecurity-magazine.com — 16.06.2026 17:30