Patchwork, a state-sponsored threat actor of Indian origin, is conducting a new spear-phishing campaign targeting Turkish defense contractors to gather strategic intelligence. The campaign employs malicious LNK files disguised as conference invitations, indicating a sophisticated multi-stage infection process. #Patchwork #SpearPhishing #TurkishDefense #UnmannedVehicleSystems
Key points
- Patchwork has expanded its targeting to include Turkish defense entities involved in UAV and missile systems.
- The attack uses malicious LNK files that invoke PowerShell commands to fetch further payloads from a malicious domain.
- The campaign involves a multi-stage infection chain with decoy PDFs and DLL side-loading techniques.
- Recent activities show Patchwork evolving from DLL variants to more advanced x86 PE executables with improved command protocols.
- Geopolitical motives are evident, with the campaign coinciding with heightened defense cooperation between Pakistan and Türkiye amidst regional tensions.
Read More: https://thehackernews.com/2025/07/patchwork-targets-turkish-defense-firms.html