
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
2023-07-31 12:30

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign.

"Patchwork relied on a range of elaborate fictitious personas to socially engineer people into clicking on malicious links and downloading malicious apps," the social media giant said.

"These apps contained relatively basic malicious functionality with the access to user data solely reliant on legitimate app permissions granted by the end user. Notably, Patchwork created a fake review website for chat apps where they listed the top five communication apps, putting their own, attacker-controlled app at the top of the list."

EyeShell, detected alongside BADNEWS, is a .NET-based modular backdoor that establishes contact with a remote command-and-control server and executes commands to enumerate files and directories, download and upload files to and from the host, execute a specified file, delete files, and capture screenshots.

The findings come as the cybersecurity company also detailed another wave of phishing attacks orchestrated by a group called Bitter aimed at aerospace, military, large enterprises, national government affairs, and universities in the country with a new backdoor known as ORPCBackdoor.

The South Asian threat actor was previously detected targeting the nuclear energy industry in China with malware downloaders delivered via CHM and Microsoft Excel files that are designed to establish persistence and retrieve further payloads.


News URL

https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html