India-Linked Threat Actor Targets Military, Political Entities Worldwide

By Joseph Lorenz on July 15, 2016


A new threat actor known as Patchwork has been targeting victims worldwide since 2014, and has infected an estimated 2,500 victims since December 2015. Researchers at Cymmetria say that the group has mainly focused on personnel working on military and political assignments. The threat was detected during a spear phishing attack against a government organization in Europe in late May 2016. A PowerPoint presentation file was used as the attack vector, and the target was an employee working on Chinese policy research. The attack attempted to exploit the CVE-2014-4114 vulnerability (which affects unpatched versions of Microsoft Office PowerPoint 2003 and 2007). According to the report written by Cymmetria, the Advanced Persistent Threat (APT) is a pro-Indian or an Indian entity. This conclusion was drawn because many of the primary targets of the campaign are regional neighbors of India. Another indicator is the selection of targets, which appear to be of interest to the group if they are related to issues affecting India.