Analysis of Recent Attack Activities Targeting China Using Research Project Plans as Bait
Dec. 10, 2024, 3:33 p.m.
Description
The Patchwork APT group, also known as Hangover and Dropping Elephant, has been conducting cyber espionage activities since 2009, primarily targeting Asian countries including China and Pakistan. Recently, the group launched a phishing campaign against Chinese research personnel using a document titled 'National Key R&D Program Engineering Science and Comprehensive Interdisciplinary Key Special 2025 Project Guide Suggestion Form' as bait. The attack uses LNK files as the initial payload, downloads PDF and executable files, sets up scheduled tasks, and ultimately loads the BadNews malware. The group impersonates legitimate websites and employs various techniques to evade detection and gather sensitive information from targeted systems.
Date
Published: Dec. 10, 2024, 2:59 p.m.
Created: Dec. 10, 2024, 2:59 p.m.
Modified: Dec. 10, 2024, 3:33 p.m.
Attack Patterns
BADNEWS - S0128
AsyncRAT
Patchwork
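Non-Standard Port - T1571
Screen Capture - T1113
System Information Discovery - T1082
Process Discovery - T1057
Ingress Tool Transfer - T1105
File and Directory Discovery - T1083
Application Layer Protocol - T1071
Process Injection - T1055
Masquerading - T1036
User Execution - T1204
Deobfuscate/Decode Files or Information - T1140
Data Encoding - T1132
Obfuscated Files or Information - T1027
Scheduled Task/Job - T1053
Phishing - T1566
Command and Scripting Interpreter - T1059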
Additional Information
Education
Government
China
Pakistan