Patchwork, Dropping Elephant

[2015] the Attack Was Detected As Part Of A Spear Phishing Against A Government Organization In Europe In Late May 2016. The Target Was An Employee Working On Chinese Policy Research And The Attack Vector Was A Powerpoint Presentation File. The Content Of The Presentation Was On Issues Relating To Chinese Activity In The South China Sea. (https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/unveiling_patchwork.pdf)

[2018-01] the Malicious Documents Seen In Recent Activity Refer To A Number Of Topics, Including Recent Military Promotions Within The Pakistan Army, Information Related To The Pakistan Atomic Energy Commission, As Well As Pakistan�s Ministry Of The Interior. (https://unit42.paloaltonetworks.com/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/)

[2018-03] targeting Us Think Tanks (in March And April 2018, Volexity Identified Multiple Spear Phishing Campaigns Attributed To Patchwork, An Indian Apt Group Also Known As Dropping Elephant. This Increase In Threat Activity Was Consistent With Other Observations Documented Over The Last Few Months In Blogs By 360 Threat Intelligence Center Analyzing Attacks On Chinese Organizations And Trend Micro Noting Targets In South Asia. (https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/)

[2021-11] patchwork Apt Caught In Its Own Web (https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/