Suspected Indian state-sponsored threat operation PatchWork, also known as Zinc Emerson and Operation Hangover, has targeted Chinese universities and research organizations with the new EyeShell backdoor, according to The Hacker News.
KnownSec 404 Team researchers discovered that the .NET-based EyeShell backdoor receives commands from a remote command-and-control server to enumerate files and directories, upload and download files, delete files, and capture screenshots.
The findings follow Meta's takedown in May of numerous fraudulent Facebook and Instagram accounts operated by PatchWork, which has been linked to the other Indian state-backed operations DoNot Team and SideWinder.
"Patchwork relied on a range of elaborate fictitious personas to socially engineer people into clicking on malicious links and downloading malicious apps. These apps contained relatively basic malicious functionality with the access to user data solely reliant on legitimate app permissions granted by the end user. Notably, Patchwork created a fake review website for chat apps where they listed the top five communication apps, putting their own, attacker-controlled app at the top of the list," said Meta at the time.