G0040: Patchwork

Description

[Patchwork](https://attack.mitre.org/groups/G0040) is a cyber espionage group that was first observed in December 2015. While the group has not been definitively attributed, circumstantial evidence suggests the group may be a pro-Indian or Indian entity. [Patchwork](https://attack.mitre.org/groups/G0040) has been seen targeting industries related to diplomatic and government agencies. Much of the code used by this group was copied and pasted from online forums. [Patchwork](https://attack.mitre.org/groups/G0040) was also seen operating spearphishing campaigns targeting U.S. think tank groups in March and April of 2018.(Citation: Cymmetria Patchwork) (Citation: Symantec Patchwork)(Citation: TrendMicro Patchwork Dec 2017)(Citation: Volexity Patchwork June 2018)

References

  1. https://attack.mitre.org/groups/G0040
  2. https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf
  3. http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf
  4. http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries
  5. https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/
  6. https://securelist.com/the-dropping-elephant-actor/75328/
  7. https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/
  8. https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf
  9. https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/
  10. https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf

Software attributed to this group (2)

  Type      | Target                 | Confidence | Tier
  Software  | NDiskMonitor (S0272)   | 100%       | live
  Software  | BackConfig (S0475)     | 95%        | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  Group: Confucius
  Group: Inception
  Group: APT41
  Group: Gelsemium
  Group: Gallmaker
  Group: BackdoorDiplomacy

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.