CABINET SECRETARIAT
CABINET DIVISION
No 1-5/2003 (NTISB-II) i'NTISB)
I d. the 24th August, 2023-
Subject: L
'.:yper Securily Achijaam2. Patchwork Art I
No, 491 AFT GrouplAslyisrL
Context.
Advanced Persistent Threat (APT) groups
onymous threat actors
attacking Cyber/IT infrastructure of other states to gain unauthorized access/ingress while
remaining undetected for an extended period of time. Usual
e groups devrnrkr,
Bitter, DoNot etc.) are Indian state sponsored that often target Pakistan's Military and
IT setups. Recently,
Patchwork (an Indian APT group) h
Vely targeted
and Pakistan State Institutions for data exfiltration. In this reg
ofile, 306;amc•:•.
indicators of compromise (IoCs) and preventive measures
2.
ay
PatchWork Indian APT Group
a
PatchWork (also known as Mahe
nci White' [.'',-, phan
an Indian APT group present in Cyberspace
015. The LT
came into limelight in 2017 when various yb
security f re.arc ,
,
identified its modus operandi and nefarious operati
Ser MD5
4be2d8609f83d10171a411059
(2) 90528e654de20159859ca1 5b
(3) 5 4t6s17b8O83d540f274f16O38C6df
(4) bff7da03f5555ecc9931d0c700
The C&C 4 e:s URLs may be processed for blocking at local firewalls.
tactics and procedures; however, phishing email remains initial entry point for malicious
Therefore, few preventive measures (but not limited to) are:
uidelines
chniqu
• Reporting malware, cyber incident, suspicious email attachment
co a
,
sefr forward same (without downloading) on email address:
74Loton.
protective measures
?Ik
security measures and support prot
to maintain data integrity
and smooth operations be included in
Any unknown attachments should not
opened on an official
device. Email authenticity be verified
and up-to-date security
measures be ensured.
Usage of third party free and cracked software be avoided. Licensed
and up-to-date malware and virus protection software be ta
official computers/laptops/mobile phones
To add an extra layer of security and t unauthorized
Two-Factor Authentication (2FA) implemented
possible, especially for critical applications and systems
For email security, following measures be adopted by organizations:
Implementation of "Domain-based Message Authentication, Reporting and Conformance (DMARC)" for all domains to prevent email spoofing and phishing attacks.
5.
All Federal Ministries/Divisions/Provincial Governments, affiliated
departments, autonomous bodies and sectoral regulators are
cted to:
above mentioned recommendations and adopt cautious behavior ir
prevailing cyber threats and their consequences.
6. This issues with the approval of the competent authority
Lieuteri4tcjn
Muhamma
puty SeCi.'eta Se
Copy to: -