Patchwork APT

The Patchwork hacking group is an APT (Advanced Persistent Threat) that first came to the attention of malware analysts in 2015. Most of the Patchwork APT's campaigns are concentrated in South East Asia, although on rare occasions the group also operates in other regions of the world. This hacking group goes by many names: Operation Hangover, Viceroy Tiger, Dropping Elephant, MONSOON, Neon and Chinastrats.

The majority of the Patchwork APT's operations are reconnaissance campaigns against high-profile targets. Usually, the Patchwork hacking group exfiltrates data such as classified documents, login credentials, personal activity, etc. Malware researchers speculate that the Patchwork APT likely originates from India, as its members appear to hold pro-Indian beliefs and go after targets that would be of interest to the Indian government. However, this remains speculation, as researchers have yet to uncover more information about the Patchwork hacking group. Some of the hacking tools often used by the Patchwork APT are the Quasar RAT (Remote Access Trojan), BADNEWS, TINYTYPHON, BackConfig and PowerSploit.

The Patchwork APT often uses spear-phishing emails as its preferred infection vector. The emails in question contain a corrupted attached file, which carries the payload of the threat of choice. However, in one of the latest Patchwork APT campaigns, a different approach was used: infected Microsoft Excel files hosted on legitimate websites that the hackers had breached, which are unlikely to raise suspicion in the targets.

The Patchwork hacking group is a very active APT that often updates its tools to improve their functionality and self-preservation features. If you utilize a trustworthy cybersecurity software suite, your system will be protected from attacks and invasions like the ones carried out by the Patchwork APT.
