China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
Briefly

Aquatic Panda, also known as Bronze University, has been linked to a significant global espionage operation called Operation FishMedley, which ran from January to October 2022. The campaign targeted seven diverse organizations, among them governments and NGOs, in several countries including Taiwan and the US. The group's operations involve sophisticated use of malware like ShadowPad and Spyder, showing advanced cyber capabilities and connections to other Chinese threat actors. The group has been active since at least 2019 and is associated with the broader Winnti Group and its various aliases.
Operators used implants such as ShadowPad, SodaMaster, and Spyder that are common or exclusive to China-aligned threat actors, indicating advanced capabilities.
The 2022 attacks are characterized by the use of five different malware families: a loader named ScatterBee, which is used to drop ShadowPad; Spyder; SodaMaster; and RPipeCommander.
Read at The Hacker News