Updated attack arsenal touted by Patchwork

Organizations across Bhutan have been targeted by suspected Indian state-sponsored threat operation PatchWork in an attack campaign deploying the Brute Ratel C4 framework and an updated PGoShell malware version, both of which are new additions to the group's attack arsenal, The Hacker News reports.

Intrusions conducted by PatchWork, also known as APT-C-09, Zinc Emerson, Dropping Elephant, Viceroy Tiger, and Operation Hangover, commenced with the distribution of a malicious LNK file that downloads a fraudulent PDF as a decoy to conceal the deployment of Brute Ratel C4 and PGoShell. The updated PGoShell supports screen capture as well as payload retrieval and execution, according to a report from the Knownsec 404 Team. This development comes months after PatchWork was reported to be involved in attacks leveraging romance scam lures to infect Android devices in India and Pakistan with the VajraSpy remote access trojan.
