Unveiling Patchwork

Author(s): Dean Sysman, Gadi Evron
Category: APT
Duration: 45
Summary: Patchwork is a highly successful nation-state targeted
attack operation, which infected approximately 2,500 high-value
targets worldwide, such as governments. It is the first targeted
threat captured using a commercial cyber deception platform. In this
talk, we will share how deception was used to catch the threat actor,
and later on to secure their second-stage malware and lateral movement.
Examining this threat actor is especially interesting because, on the one
hand, it displayed an extremely sophisticated intelligence and
operational capability, carefully choosing targets, successfully
compromising them, and scaling the operation, while on the other hand,
technologically their toolset is built like a patchwork quilt: a
combination of snippets of code taken from various online forums and
from GitHub that any kid off the street could build.

First, this seems to be lacking an offensive component. Skimming through https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf, I see that they used HTTPS meterpreter, which I would hesitate to call 'extremely sophisticated'.
We get it, some orgs invest in using cyber for intel goals. *yawn*