The Patchwork APT group has launched a new cyber-espionage campaign targeting organizations across South and Southeast Asia. Its tradecraft in this campaign includes malicious macros, encrypted C2 communications, and stealthy persistence methods. #PatchworkGroup #CyberEspionage
Keypoints
- Patchwork APT employs malicious macros to initiate intrusions and deliver its payloads.
- The malware uses layered obfuscation, including encryption and files disguised as legitimate ones, to evade detection.
- Communication with C2 servers is disguised as ordinary web-form traffic so that it blends in with normal browsing.
- The malware collects detailed system information, including software and antivirus data.
- Patchwork's toolkit can download and execute files, exfiltrate files, and capture screenshots on command from the operator.
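The C2-as-form-traffic point above suggests a network-side check that does not depend on decrypting anything: a person submitting a web form arrives from a page (Referer set), at irregular times, with varying body sizes, whereas a beacon POSTs to one URL at near-constant intervals. The script below is an added example and is not code from the report or from Patchwork's tooling; the seven-field proxy-log layout, the thresholds, and the log lines themselves are constructed for illustration and are assumptions, not indicators taken from the page.

```python
"""Flag form-encoded POSTs that look like a beacon rather than a human submission."""
import statistics
from collections import defaultdict
from datetime import datetime

FORM_TYPE = "application/x-www-form-urlencoded"

# Constructed sample proxy log (assumed layout, not real data):
# timestamp src method url content-type bytes referer ("-" if absent)
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 412 -
2024-03-01T09:02:13 10.0.0.9 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 530 http://example-site.invalid/contact.html
2024-03-01T09:03:40 10.0.0.5 GET http://example-site.invalid/index.html - 0 -
2024-03-01T09:05:01 10.0.0.5 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 410 -
2024-03-01T09:10:00 10.0.0.5 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 415 -
2024-03-01T09:14:59 10.0.0.5 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 409 -
2024-03-01T09:20:02 10.0.0.5 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 411 -
2024-03-01T09:25:00 10.0.0.5 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 413 -
2024-03-01T09:47:55 10.0.0.9 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 188 http://example-site.invalid/contact.html
2024-03-01T09:51:04 10.0.0.9 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 701 http://example-site.invalid/contact.html
2024-03-01T10:31:04 10.0.0.9 POST http://example-site.invalid/contact.php application/x-www-form-urlencoded 244 http://example-site.invalid/contact.html
"""


def parse_log(text):
    """Parse the assumed seven-field layout into dicts, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        ts, src, method, url, ctype, size, referer = parts
        rows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "method": method, "url": url,
            "ctype": ctype, "size": int(size), "referer": referer,
        })
    return rows


def find_beacons(text, min_posts=4, max_cv=0.2):
    """Return (src, url) groups of form POSTs whose inter-arrival times are near-constant.

    cv is the coefficient of variation (stdev / mean) of the gaps between POSTs;
    a human filling in a form produces a large cv, a timer-driven beacon a small one.
    min_posts avoids judging regularity from too few samples.
    """
    groups = defaultdict(list)
    for r in parse_log(text):
        if r["method"] == "POST" and r["ctype"] == FORM_TYPE:
            groups[(r["src"], r["url"])].append(r)

    hits = []
    for (src, url), rows in groups.items():
        if len(rows) < min_posts:
            continue
        rows.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(rows, rows[1:])]
        mean = statistics.fmean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv > max_cv:
            continue
        sizes = [r["size"] for r in rows]
        hits.append({
            "src": src,
            "url": url,
            "count": len(rows),
            "mean_interval": mean,
            "cv": cv,
            # Supporting context for the analyst: beacons rarely carry a Referer,
            # and their bodies tend to be the same size every time.
            "no_referer_ratio": sum(1 for r in rows if r["referer"] == "-") / len(rows),
            "size_spread": max(sizes) - min(sizes),
        })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['url']}: {hit['count']} POSTs every "
              f"~{hit['mean_interval']:.0f}s (cv={hit['cv']:.3f}, "
              f"no Referer {hit['no_referer_ratio']:.0%}, size spread {hit['size_spread']}B)")
```

In the constructed log only 10.0.0.5 is reported: six POSTs roughly every 300 seconds, never from a referring page, with bodies within a few bytes of one another. The genuine user at 10.0.0.9 posts four times at irregular intervals and is left alone. The thresholds are starting points; a real deployment would tune `max_cv` against the site's own baseline and treat the Referer and size fields as corroboration rather than as hard rules, since a slow beacon with jitter will raise cv and a legitimate scripted client can look just as regular.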