Security News > 2023 > July > Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign.
"Patchwork relied on a range of elaborate fictitious personas to socially engineer people into clicking on malicious links and downloading malicious apps," the social media giant said.
"These apps contained relatively basic malicious functionality with the access to user data solely reliant on legitimate app permissions granted by the end user. Notably, Patchwork created a fake review website for chat apps where they listed the top five communication apps, putting their own, attacker-controlled app at the top of the list."
EyeShell, detected alongside BADNEWS, is a a.NET-based modular backdoor that comes with capabilities to establish contact with a remote command-and-control server and execute commands to enumerate files and directories, downloading and uploading files to and from the host, execute a specified file, delete files, and capture screenshots.
The findings come as the cybersecurity company also detailed another wave of phishing attacks orchestrated by a group called Bitter aimed at aerospace, military, large enterprises, national government affairs, and universities in the country with a new backdoor known as ORPCBackdoor.
The South Asian threat actor was previously detected targeting the nuclear energy industry in China with malware downloaders delivered via CHM and Microsoft Excel Files that are designed to create persistence and retrieve further payloads.
News URL
https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html
Related news
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Chinese cyberspies backdoor Juniper routers for stealthy access (source)
- Juniper patches bug that let Chinese cyberspies backdoor routers (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)