Patchwork APT Uses PowerShell Loader in New Campaign

Cyber Security News by CyberSum.net

Published on October 1, 2025 at 06:04 PM

3 sources

The cyber-espionage group known as Patchwork APT has launched a new campaign using a multi-stage PowerShell loader. The attack begins with a malicious macro that downloads components designed to masquerade as the legitimate VLC media player, using DLL side-loading to execute its payload. The malware establishes persistence through a Windows Scheduled Task and uses sophisticated, layered obfuscation to hide its command-and-control communications. Once active, the final payload can perform extensive system reconnaissance, exfiltrate files, execute code in memory, and capture screenshots. This campaign demonstrates Patchwork's continued evolution in conducting stealthy intelligence-gathering operations.

Also Read

OpenShift AI Flaw Allows Full Cluster Takeover (CVE-2025-10725)

A severe vulnerability in Red Hat OpenShift AI (CVE-2025-10725) allows low-privileged users to escalate their permissions to full cluster administrator. The flaw stems from an overly permissive ClusterRole assignment that grants any authenticated user the ability to create jobs across the entire cluster. An attacker with minimal access, such as a data scientist account, can abuse this permission to run malicious jobs with elevated rights. This could lead to a complete compromise of the cluster, including data theft and service disruption. Administrators are urged to mitigate the risk by immediately removing the insecure ClusterRoleBinding and adopting a least-privilege security model.

By Cyber Security News by CyberSum.netOctober 1, 2025 at 06:04 PM