Picus Security: China-linked Aquatic Panda Group Targets Telecoms and Tech

Cybersecurity firm Picus Security has published a detailed analysis of an advanced persistent threat (APT) group linked to China, known as Aquatic Panda.

The group, also identified as Earth Lusca and FishMonger, has been active since May 2020. Its primary targets include the telecommunications, technology, and government sectors, alongside NGOs, think tanks, and academic institutions across Asia, Europe, and North America.

Aquatic Panda's operations are focused on intelligence collection and industrial espionage. Notable campaigns include "FishMedley," exploitation of the Log4Shell vulnerability, and the deployment of malware such as SprySOCKS, ShadowPad, SodaMaster, BIOPASS RAT, and KTLVdoor. The group employs techniques such as domain registration and exploiting public-facing applications to gain access.

Picus Security offers its "Picus Platform" to help organizations test and validate their security controls against the threats posed by Aquatic Panda, utilizing the Picus Threat Library for simulated attacks.