
Patchwork APT

Posted: May 13, 2020

The Patchwork APT (Advanced Persistent Threat) is a criminal organization that has been attacking computer networks since 2015. The primary target of their campaigns appears to be South East Asia, but remnants of their activity have been discovered in other parts of the world as well. The hackers specialize in long-term espionage operations, and the signature malware they use includes BADNEWS, the Quasar RAT, TINYTYPHON, and PowerSploit (a legitimate security testing tool).

The group goes by several other names, such as Dropping Elephant, Chinastrats, MONSOON, Operation Hangover, Neon, and Viceroy Tiger. It is believed that they have pro-Indian interests, but so far, it has been impossible to pinpoint the exact motives and nationality of the group's members. Their attacks focus on collecting data from the compromised networks, monitoring employee activity, and hijacking login credentials. To achieve this, the group uses backdoors such as BackConfig, or RATs (Remote Access Trojans) like the Quasar RAT.

Their attacks are frequently executed via spear-phishing emails that contain a corrupted file attachment, but it seems that they have been trying to diversify their methods: in the latest BackConfig campaign, the payload was delivered to the targets through a legitimate Web page that the hackers had previously compromised.

The Patchwork APT is still very active, and its members keep enhancing their payloads and infrastructure to stay a step ahead of anti-virus vendors. Thankfully, their attempts are futile, and modern anti-malware software is perfectly capable of identifying and terminating the threatening applications that the Patchwork APT relies on.
