Aquatic Panda (G0143) Threat Profile: Persistent Cyber Espionage Operations
- Suspected Origin
- China
- Motivation
- Espionage, Intellectual Property Theft
- Aliases
- None documented
- Target Sectors
- Telecommunications, Technology, Government, Aerospace and Defense, Banking, Financial Services, Education, Healthcare, Media and Entertainment, Professional Services, NGOs, Think Tanks, Academic Institutions
- Associated Malware
- Cobalt Strike, ShadowPad, Winnti, Spyder, SodaMaster, RPipeCommander, BIOPASS RAT, KTLVdoor, Pandora, njRAT, FishMaster, SprySOCKS
Overview
Aquatic Panda, identified by MITRE ATT&CK as G0143, is a sophisticated and persistent advanced persistent threat (APT) group believed to originate from China. Active since at least May 2020, this group operates with a clear dual mandate: intelligence collection and industrial espionage. Their operations are strategically aligned with broader state-sponsored intelligence objectives, focusing on acquiring sensitive information and intellectual property that serves China’s national security and economic interests.
Attribution efforts have strongly linked Aquatic Panda to Chinese state-sponsored activities. The group is assessed to operate under, or in close coordination with, China’s Ministry of State Security (MSS) and Ministry of Public Security (MPS). Recent reporting, including leaks from the Chinese technology contractor i-Soon (Anxun Information Technology Co., Ltd.), further implicates such firms in managing and supporting cyber operations on behalf of Chinese state security services, with Aquatic Panda specifically tied to i-Soon through these revelations. The group is also considered to potentially fall under the broader “Winnti Group” umbrella, an ecosystem known for various China-aligned threat activities.
Aquatic Panda’s targeting profile is extensive and adaptable. While initially concentrating on telecommunications, technology, and government sectors, their scope has expanded significantly. Current targets include entities in aerospace and defense, banking, financial services, education, healthcare, media and entertainment, professional services, non-governmental organizations (NGOs), think tanks, and academic institutions. Geographically, their operations are global, with a notable concentration in the Asia-Pacific region, but with confirmed compromises extending into North America and Europe. Specific victim countries include Taiwan, Hungary, Turkey, Thailand, France, the United States, Honduras, Pakistan, and even a trading company within China itself, indicating a flexible approach to intelligence gathering based on strategic priorities.
Tactics & Techniques
Aquatic Panda employs a diverse array of tactics, techniques, and procedures (TTPs) characteristic of a mature and well-resourced APT group, demonstrating a focus on stealth, persistence, and effective data exfiltration.
Initial access is often gained through the exploitation of public-facing application vulnerabilities, notably including the Log4Shell vulnerability (CVE-2021-44228) against VMware Horizon servers. They also leverage watering hole attacks and phishing campaigns. Once initial access is established, the group utilizes various execution methods. In Windows environments, they frequently employ PowerShell for executing Base64-encoded commands and downloading additional payloads, and Windows Management Instrumentation (WMI) for lateral movement. They have also been observed creating remote scheduled tasks for malware installation and using rundll32.exe to proxy the execution of malicious DLLs. For Linux systems, malicious shell scripts are deployed after gaining SSH access, often to install Linux variants of their Winnti malware.
Persistence is a critical aspect of their operations. Aquatic Panda establishes persistence by creating new Windows services that masquerade as legitimate system components, modifying the ld.so preload file in Linux environments, and utilizing scheduled tasks. For credential access, the group actively harvests valid domain accounts, conducts LSASS memory dumping, and modifies the Windows registry to enable RestrictedAdmin mode, facilitating pass-the-hash attacks via RDP.
Defense evasion techniques are sophisticated and layered. Aquatic Panda clears command history in Linux to remove traces, deletes malicious executables, and renames or moves binaries to legitimate system locations to blend in. They encode PowerShell commands and attempt to discover and disable endpoint detection and response (EDR) tools on compromised systems. Their custom malware, such as ShadowPad, is often heavily obfuscated, remaining encrypted on disk and only decoded directly in memory, making static detection challenging. Lateral movement is achieved through stolen credentials, leveraging RDP, remote shares, SSH, WMI, and tools like Impacket. For collection and exfiltration, they typically compress gathered files and memory dumps using common archiving utilities like WinRAR and 7zip before moving them out of the network. Reconnaissance activities include using public DNS logging services to identify vulnerable servers and employing commands like last in Linux to identify recently logged-in users.
Notable Campaigns
Aquatic Panda’s operational history is marked by several significant campaigns and incidents that highlight their capabilities and strategic objectives.
The group’s activity dates back to at least May 2020. They were retroactively linked to a late 2019 campaign targeting universities in Hong Kong, which utilized ShadowPad and Winnti malware. In mid-2021, Aquatic Panda launched a watering-hole campaign specifically targeting Chinese customer-service firms, deploying their custom BIOPASS RAT. A notable incident in December 2021 involved the exploitation of the critical Log4Shell vulnerability (CVE-2021-44228) against a large academic institution’s VMware Horizon server, indicating their rapid adoption of newly disclosed vulnerabilities.
Perhaps their most widely reported campaign is “Operation FishMedley,” which occurred between January and October 2022. This global espionage campaign targeted seven distinct organizations, including government entities, NGOs, think tanks, and Catholic charities, across six countries: Taiwan, Hungary, Turkey, Thailand, France, and the United States. This campaign showcased their broad reach and diverse targeting. From 2021 to 2023, Aquatic Panda conducted sustained espionage across 17 countries spanning Asia, Europe, and North America. More recently, in 2023-2024, the group deployed new Windows variants of the SprySOCKS backdoor against government organizations in Honduras, Taiwan, Thailand, and Pakistan. In late 2023 through early 2024, they were observed leveraging Chinese-Taiwanese relations as a lure in phishing activities, coinciding with Taiwan’s elections. Additionally, 2024 saw the deployment of a new multiplatform backdoor, KTLVdoor, against a trading company located within China.
Associated Malware & Tools
Aquatic Panda employs a sophisticated and varied arsenal of malware and legitimate tools, often leveraging both commodity and custom-developed solutions to achieve their objectives. Key custom backdoors and implants include:
- ShadowPad: A modular backdoor frequently used by Chinese APT groups, known for its stealthy nature as it remains encrypted on disk and is only decoded in memory. It offers capabilities such as keylogging, screenshot capture, and file exfiltration.
- Winnti: Various Linux versions of this backdoor are deployed by Aquatic Panda, particularly after gaining SSH access to Linux environments.
- Spyder: Another backdoor observed in their campaigns, notably in Operation FishMedley.
- SodaMaster: A malware family that has been shared among multiple China-aligned APT groups, also used during Operation FishMedley.
- RPipeCommander: A previously undocumented C++ implant deployed as a reverse shell, capable of running commands and gathering outputs.
- BIOPASS RAT: A custom Remote Access Trojan used in watering-hole campaigns targeting Chinese customer-service firms.
- KTLVdoor: A new multiplatform backdoor observed in 2024 operations.
- Pandora: A custom malware noted for its stealth capabilities and adaptability, suggesting considerable development resources.
- SprySOCKS: New Windows variants of this backdoor were deployed in 2023-2024.
Beyond custom malware, Aquatic Panda frequently incorporates legitimate and publicly available tools into their operations, a common tactic for defense evasion. These include Cobalt Strike, a popular penetration testing framework that they heavily rely on, often delivered via a unique downloader tracked as FishMaster. They have also used njRAT, a commercially available Remote Access Trojan. For data compression and staging, WinRAR and 7zip are commonly leveraged. Additionally, tools like Impacket are used for lateral movement.
Current Status
Aquatic Panda remains an active, persistent, and adaptive cyber espionage actor. Despite ongoing efforts by the cybersecurity community to expose their operations and by law enforcement to disrupt them, the group continues to evolve its TTPs and expand its targeting.
The group’s operational tempo has not significantly diminished. Their ability to combine widely available tools with custom-developed malware allows for scalable and resilient operations across multiple sectors. While some individuals associated with the broader i-Soon network, which Aquatic Panda is linked to, faced indictments and were added to most-wanted lists in March 2025, this has not fundamentally halted the group’s activities. The ongoing reporting of new campaigns and malware deployment in 2023 and 2024, such as the use of Chinese-Taiwanese relations as a lure and the deployment of KTLVdoor, underscores their sustained operational presence and continued threat. Organizations should therefore continue to prioritize strong defensive measures against the TTPs associated with Aquatic Panda, particularly robust vulnerability management, endpoint detection, and proactive threat intelligence monitoring.
Related content
Worried this actor targets your sector?
Let's map your exposure before they find it themselves.
Book an advisory call