The Patchwork Group, also known as Operation Hangover, is a recognized threat actor in the cybersecurity landscape. The group, possibly linked to India, conducts targeted cyber-attacks that focus primarily on victims within the Indian subcontinent. Its tactics include seeding the Google Play store with malicious Android apps that specifically target Pakistani users.
Bitdefender's analysis of the EHDevel malware revealed similarities to another strain of malware previously analyzed by Blue Coat Labs, as detailed in their report "Snake in the Grass". This report further highlighted malware resemblances and infrastructure overlap with the Patchwork Group. Such overlaps suggest that the group might have evolved its tactics over time, adapting and repurposing existing malware for new attacks.
The Patchwork Group's activities bear some resemblance to those of another India-linked threat actor, the Sidewinder Group. The latter has historically targeted Pakistan, Turkey, and China with multiphase polymorphic attacks. Despite these similarities, the two groups operate independently, and each poses its own distinct threat. As of now, the Patchwork Group continues its malicious activities, persistently threatening victims located within the Indian subcontinent.
Description last updated: 2024-10-15T09:22:08.724Z