Organizations across Bhutan have been targeted by suspected Indian state-sponsored threat operation PatchWork in an attack campaign deploying the Brute Ratel C4 framework and an updated PGoShell malware version, both of which are new additions to the group's attack arsenal, The Hacker News reports.
Intrusions conducted by PatchWork, also known as APT-C-09, Zinc Emerson, Dropping Elephant, Viceroy Tiger, and Operation Hangover, commenced with the distribution of a malicious LNK file that downloads a decoy PDF to mask the deployment of Brute Ratel C4 and PGoShell, the latter of which supports not only screen capturing but also payload retrieval and execution, according to a report from the Knownsec 404 Team. Such a development comes months after PatchWork was reported to be involved in attacks leveraging romance scam lures to infect Android devices in India and Pakistan with the VajraSpy remote access trojan.
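The initial-access step above (a shortcut that launches a script host and fetches a decoy document) is the part a defender can triage statically. The following is an added example, not code from the Knownsec 404 report or from any tool associated with the campaign: it parses the public Shell Link (MS-SHLLINK) header and string data of a `.lnk` file, pulls out the target path, command-line arguments and icon location, and flags the combination of an interpreter target, a remote URL and a minimized/hidden window. The two shortcuts it inspects are constructed inline (`build_lnk`), the URL `example.invalid` is a placeholder, and the token list is a starting point, not a signature from the report.

```python
"""Static triage of Windows shortcut (.lnk) files for lure characteristics.
Added example; the sample shortcuts below are constructed, not captured."""
import struct

# Shell link header constants from the public MS-SHLLINK specification.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the window minimized

# Substrings that rarely belong in a shortcut handed to a user as a "document".
SUSPICIOUS_TOKENS = (
    "powershell", "cmd.exe", "mshta", "rundll32", "wscript", "cscript",
    "http://", "https://", "-enc", "iwr", "invoke-webrequest",
    "downloadstring", "hidden",
)


def parse_lnk(data):
    """Return the header flags, ShowCommand and the five optional StringData fields."""
    if len(data) < LNK_HEADER_SIZE or data[4:20] != LNK_CLSID \
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:                      # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]

    def read_string():
        nonlocal off
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[off:off + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData")
        off += count * width
        return raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")

    info = {"flags": flags, "show_command": show_command}
    for name, bit in (("name", HAS_NAME), ("relative_path", HAS_REL_PATH),
                      ("working_dir", HAS_WORK_DIR), ("arguments", HAS_ARGS),
                      ("icon_location", HAS_ICON)):
        info[name] = read_string() if flags & bit else None
    return info


def suspicious_indicators(info):
    """List the lure characteristics found in a parsed shortcut (empty list = nothing seen)."""
    hay = " ".join(info.get(k) or "" for k in
                   ("relative_path", "working_dir", "arguments", "icon_location")).lower()
    hits = [tok for tok in SUSPICIOUS_TOKENS if tok in hay]
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("launches-minimized")
    return hits


def build_lnk(relative_path, arguments, icon_location, show_command=1):
    """Construct a minimal Unicode .lnk (no IDList/LinkInfo) for testing the parser."""
    flags = HAS_REL_PATH | HAS_ARGS | HAS_ICON | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)

    def enc(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + enc(relative_path) + enc(arguments) + enc(icon_location)


# Constructed samples: a document-themed lure and an ordinary document shortcut.
SAMPLE_LURE = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"-w hidden -c iwr http://example.invalid/report.pdf -OutFile $env:TEMP\report.pdf",
    r"%SystemRoot%\System32\shell32.dll",
    show_command=SW_SHOWMINNOACTIVE,
)
SAMPLE_BENIGN = build_lnk(r".\Quarterly-Report.pdf", "", "")

if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        info = parse_lnk(blob)
        print(label, "->", info["relative_path"], info["arguments"], suspicious_indicators(info))
```

Running it prints the lure as a PowerShell target fetching a remote file with a minimized window, and the plain document shortcut with no indicators. On real mail-gateway or endpoint triage the same parser runs over attachments, and the token list is tuned to the environment (for example, organizations that never distribute PowerShell shortcuts can treat any script-host target as a hit).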