Analysis of Recent Attack Activities Targeting China Using Research Project Plans as Bait

Dec. 10, 2024, 3:33 p.m.

Description

The Patchwork APT group, also known as Hangover and Dropping Elephant, has been conducting cyber espionage activities since 2009, primarily targeting Asian countries including China and Pakistan. Recently, they launched a phishing campaign against Chinese research personnel using a document titled 'National Key R&D Program Engineering Science and Comprehensive Interdisciplinary Key Special 2025 Project Guide Suggestion Form' as bait. The attack uses LNK files as initial payload, downloads PDF and executable files, sets up scheduled tasks, and ultimately loads the BadNews malware. The group impersonates legitimate websites and employs various techniques to evade detection and gather sensitive information from targeted systems.

External References

https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247497001&idx=1&sn=bf11de770fea2d96d4f3c08dfd7e038f&chksm=f9ed9996ce9a10809b95ac5c33c78c37018b7e17c304560ed687b580dda96459ed8ec5dacfe1&scene=178&cur_album_id=1375769135073951745#rd
https://otx.alienvault.com/pulse/67585740ad2675902bc5de4b
Tags
asyncrat
2024-12-10
badnews

Date

  • Created: Dec. 10, 2024, 2:59 p.m.
  • Published: Dec. 10, 2024, 2:59 p.m.
  • Modified: Dec. 10, 2024, 3:33 p.m.

Attack Patterns

  • BADNEWS - S0128
  • AsyncRAT
  • Patchwork
  • T1571
  • T1113
  • T1082
  • T1057
  • T1105
  • T1083
  • T1071
  • T1055
  • T1036
  • T1204
  • T1140
  • T1132
  • T1027
  • T1053
  • T1566
  • T1059

Additional Informations

  • Education
  • Government
  • China
  • Pakistan