‘Patchwork’ APT Detected at Last

One fresh APT (advanced persistent threat) called "Patchwork" is a sudden eruption on the malware landscape. The threat, says Cymmetria, has infected more than 2,500 users from the time it first appeared during December 2015. Nevertheless, it's felt that its operations occurred even way back in 2014.

According to the security company, the attackers responsible for the onslaught laid their trap all over the world, including Europe, USA, South Asia, the Middle East as well as APAC countries- generally government-related and government agencies. In conclusion, Cymmetria says the targets happened to be more of employees in the political and military outfits. Infosecurity-magazine.com posted this, July 7, 2016.

The attackers utilized spear-phishing e-mails with attachments as PowerPoint files. The majority of these electronic mails had subject lines that were on Chinese operations inside the South China Sea.

Fascinatingly, the attackers' tasks featured low technological ability in their campaigns that is a straight contrast to its remarkable achievement. The name Patchwork comes from its creators considerably using code from Internet sites, the shady part of the Web, and GitHub for crafting their malware as well as attack toolkits.

Patchwork effectively opens one backdoor that theoretically should have gotten caught as the majority of anti-virus agencies quite knew about the malware as well as its operational methodology. But, it was only in May 2016 that the attacks were discovered. For, Cymmetria's anti-malware software detected the threat and its campaign. Reportedly, Patchwork navigated laterally inside contaminated network from where it hunted to find other valuable PCs.

Cymmetria further suggests the attackers are probably Indian nationals. Actually, different from other countries encountering significant APT attacks, there's been relatively low online eavesdropping activity in India. And because of this as well as the poor technicality exhibited during the malware's crafting that relied on publicly obtainable script, they go to back the idea that some Indian attacker stepped into the APT arena.

However, according to the same researchers, the above evidence is probably quite well planned so it may appear as though a threat actor from India is responsible. Therefore, until more clues emerge, the idea falls short of complete surety.

» SPAMfighter News - 7/12/2016