Cyber-Espionage Gang behind ‘Patchwork’ Campaign Moves from Government Targets to Private Companies


The cyber-espionage group behind the attack campaign called Patchwork, also referred to as Dropping Elephant and thought to be about two years old, has moved beyond its usual government targets to strike private enterprises, and it can wreak havoc on a target even when the recipient does not follow a given malicious web-link.

According to security company Symantec, the Patchwork spying campaign has been active since at least November 2015, and probably a few months earlier; at that time it mostly targeted government agencies and government-affiliated organizations with spam mails carrying Trojans. The campaign was first discovered by Kaspersky Lab, the Russia-based security firm, which published its findings in early July.

Symantec nicknamed the gang "Copy-Paste APT" because it habitually builds its malware from low-grade code that is freely available, i.e. obtainable without paying for it.

Separate reports from Symantec and, some days later, Kaspersky disclose that the gang attacked government agencies in Southeast Asia and around the disputed islands in the South China Sea.

According to a blog post by Joji Hamada, a researcher at Symantec, the malicious web-links lead to a site hosting two tainted files: a rich text file and a PowerPoint file. The former carries a .doc suffix so that it passes as a Word document, and it exploits older Windows security flaws such as CVE-2015-1641, a memory-corruption vulnerability in the Microsoft Office suite that Microsoft patched in 2015. The PowerPoint file abuses CVE-2014-4114, a remote code execution vulnerability in the OLE Package Manager of Microsoft Windows that was used in the Sandworm attacks of 2014. Scmagazine.com reported this on July 25, 2016.
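The lure described above relies on a file whose extension (.doc) does not match its real format (RTF): Word opens it anyway, so the user sees nothing odd. The following is an added example, not code from the original article or from Symantec, showing how a mail gateway or triage script can flag that mismatch by comparing the attachment's extension against its magic bytes. The file names and byte strings are constructed; the RTF, OLE2 and ZIP signatures are the genuine on-disk headers of those formats.

```python
import os

# Leading byte signatures of the container formats Office documents actually use.
# RTF is plain text starting with "{\rtf"; legacy .doc/.ppt/.xls are OLE2 compound
# files; OOXML (.docx/.pptx/.xlsx) documents are ZIP archives.
MAGIC = {
    b"{\\rtf": "rtf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
    b"PK\x03\x04": "zip",
}

# Which container each extension is expected to carry. Extensions not listed here
# are not checked, so unknown attachments are reported but never flagged blindly.
EXPECTED = {
    ".doc": {"ole2"},
    ".docx": {"zip"},
    ".ppt": {"ole2"},
    ".pps": {"ole2"},
    ".pptx": {"zip"},
    ".ppsx": {"zip"},
    ".rtf": {"rtf"},
}


def sniff(data: bytes) -> str:
    """Return the container format implied by the first bytes of the file."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def check_attachment(name: str, data: bytes) -> dict:
    """Compare an attachment's extension with its sniffed format.

    'mismatch' is True when the extension is one we know and the content is a
    different container, e.g. RTF content delivered under a .doc name.
    """
    ext = os.path.splitext(name)[1].lower()
    kind = sniff(data)
    expected = EXPECTED.get(ext)
    mismatch = expected is not None and kind not in expected
    return {"name": name, "ext": ext, "detected": kind, "mismatch": mismatch}


if __name__ == "__main__":
    # Constructed sample attachments (hypothetical names, minimal headers).
    samples = [
        ("quarterly_report.doc", b"{\\rtf1\\ansi\\deff0 ...}"),            # RTF posing as .doc
        ("briefing.ppt", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8),  # genuine OLE2
        ("agenda.docx", b"PK\x03\x04" + b"\x00" * 26),                       # genuine OOXML
        ("readme.txt", b"plain text, extension not policed"),
    ]
    for name, data in samples:
        result = check_attachment(name, data)
        flag = "MISMATCH" if result["mismatch"] else "ok"
        print(f"{flag:8} {name:22} detected={result['detected']}")
```

A mismatch is not proof of malice, since some legitimate senders save RTF under .doc, but it is a cheap, high-signal triage feature: it catches exactly the trick this campaign used without needing a signature for the exploit itself, and it can be combined with blocking or sandboxing of the flagged files.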

In the Patchwork group's latest campaign, Word files exploiting CVE-2012-0158 as well as CVE-2015-1641 were also used, while at times the spear-phishing mails carried no attachment at all.

According to the Symantec researcher, the Word and PowerPoint files attempted to install the Steladok and Enfourks backdoor Trojans, which are designed to harvest sensitive information from infected PCs and upload it to remote servers. The Trojans were dropped into temporary directories.

» SPAMfighter News - 7/29/2016
