FishMonger APT Group: A Persistent China-Aligned Cyber Espionage Actor
ID: 4374f48f-9208-5b8e-aa16-b9ed93d1c278
STIX ID: report--4374f48f-9208-5b8e-aa16-b9ed93d1c278
Feed Name: Brandefense Blog
FishMonger is a China-aligned advanced persistent threat focused on long-term cyber espionage against governments, universities, think tanks, and technology firms across Europe and Asia. It operates by weaponizing newly disclosed vulnerabilities, deploying web shells and custom backdoors/loaders, using HTTP/S C2, and performing low-volume staged exfiltration to remain stealthy. The report outlines FishMonger’s targeting, evolution, notable campaigns (2018–2024), and recommended defenses: promptly patch internet-facing systems, monitor for web shells and administrative anomalies, apply network segmentation and least privilege, and leverage threat intelligence.
