FishMonger Linked to Massive Cyber Attacks

FishMonger’s Link to I-SOON Exposed

A new report reveals that I-SOON, a Chinese tech company, is linked to FishMonger, a hacking group. The US Department of Justice (DOJ) recently charged I-SOON with large-scale cyber-attacks worldwide.

Experts say that FishMonger works for I-SOON. The group hacked into governments, charities, and research groups across Asia, Europe, and the United States. Their goal was to steal sensitive data like government records, private research, and internal files.

Experts believe FishMonger has been active since 2019. However, its 2022 campaign, called Operation FishMedley, drew global attention. During this attack, the group used advanced hacking tools to break into systems and steal valuable information.

Operation FishMedley: Targets and Tactics

In 2022, FishMonger carried out Operation FishMedley, a large hacking campaign. The group attacked at least seven organizations worldwide. Their targets included government agencies in Taiwan and Thailand. They also attacked NGOs in the US and Asia, a Catholic group in Hungary, and a think tank in France.

To break into these networks, FishMonger used powerful malware such as ShadowPad, Spyder, and SodaMaster. These tools allowed them to steal data, spy on activities, and remain hidden for long periods.

The group’s hacking methods were advanced. They stole admin passwords to get full access to networks. Once inside, they planted malware using admin tools. They also used Impacket-based programs to spread across networks, making them harder to detect and remove.

At one US-based NGO, the hackers gained higher privileges, letting them run commands and steal sensitive data. They even accessed system files with login records, helping them move deeper into the network unnoticed.
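For defenders hunting the Impacket-based lateral movement described above, the following added example (not from the report or the article) scores process-creation events against the default command-line shape of Impacket's public wmiexec script. The article does not say which Impacket tools were used, so the choice of wmiexec, the event field names and the sample records are assumptions. Operators can change these defaults, which makes this a heuristic and not proof.

```python
import re

# Default output redirection appended by Impacket's public wmiexec script:
#   cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<epoch> 2>&1
REDIRECT = re.compile(
    r"1>\s*\\\\127\.0\.0\.1\\[A-Za-z]+\$\\__\d+(\.\d+)?\s+2>&1", re.I)
SHELL = re.compile(r"\bcmd(\.exe)?\s+/Q\s+/c\b", re.I)

# Constructed process-creation records (fields modelled on Sysmon event 1).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1666000000.123456 2>&1"},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},
    {"host": "srv-03", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /Q /c ipconfig /all 1> \\127.0.0.1\C$\__1666000042.9 2>&1"},
    {"host": "srv-04", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
]

def score(event):
    """Return (score, reasons); a score of 3 means every indicator matched."""
    reasons = []
    if event["parent"].lower().endswith(r"\wmiprvse.exe"):
        reasons.append("spawned by WMI provider host")
    if SHELL.search(event["cmdline"]):
        reasons.append("quiet cmd.exe /Q /c wrapper")
    if REDIRECT.search(event["cmdline"]):
        reasons.append("output redirected to loopback admin share")
    return len(reasons), reasons

def hunt(events, threshold=3):
    """Return (host, reasons) for events meeting the threshold, in input order."""
    hits = []
    for event in events:
        total, reasons = score(event)
        if total >= threshold:
            hits.append((event["host"], reasons))
    return hits

if __name__ == "__main__":
    for host, reasons in hunt(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```

Lowering `threshold` to 2 widens the hunt to renamed output files or shares at the cost of more benign WMI activity in the results.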

I-SOON’s DOJ Indictment and FBI Action

On March 5, 2025, the DOJ unsealed charges against I-SOON employees and officers from China’s Ministry of Public Security. The DOJ accused them of cyber-espionage from 2016 to 2023.

The DOJ revealed that I-SOON posed as a regular tech company but was actually running state-backed hacking operations. Their goal was to steal information from governments, NGOs, and private organizations to benefit the Chinese government.

The FBI added several I-SOON employees to its “most wanted” list, making them international fugitives. Cyber experts had long suspected I-SOON’s link to FishMonger, but the DOJ’s findings officially confirmed it.

The investigation showed that I-SOON gave FishMonger the tools, money, and infrastructure needed for its attacks. This included creating malware, setting up remote servers, and building systems to help them stay hidden.

Cybersecurity experts are now warning organizations to strengthen their defenses, as groups like FishMonger continue to carry out dangerous cyber-attacks.

Renuka Bangale