Cyber Resilience

Threat actor · all actors

PatchworkG0040 state

🇮🇳 IN

aka Patchwork, Hangover Group, Dropping Elephant, Chinastrats, MONSOON, Operation Hangover, QUILTED TIGER, Sarit, APT-C-09, ZINC EMERSON, ATK11, G0040, Orange Athos, Thirsty Gemini

Last updated: 2026-07-03

0attributed CVEs
63ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Patchwork](https://attack.mitre.org/groups/G0040) is a cyber espionage group that was first observed in December 2015. While the group has not been definitively attributed, circumstantial evidence suggests the group may be a pro-Indian or Indian entity. [Patchwork](https://attack.mitre.org/groups/G0040) has been seen targeting industries related to diplomatic and government agencies. Much of the code used by this group was copied and pasted from online forums. [Patchwork](https://attack.mitre.org/groups/G0040) was also seen operating spearphishing campaigns targeting U.S. think tank groups in March and April of 2018.(Citation: Cymmetria Patchwork) (Citation: Symantec Patchwork)(Citation: TrendMicro Patchwork Dec 2017)(Citation: Volexity Patchwork June 2018)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-443 / 6368%
CM-637 / 6359%
CM-235 / 6356%
SI-334 / 6354%
AC-625 / 6340%
CA-724 / 6338%
CM-723 / 6337%
SC-722 / 6335%
AC-321 / 6333%
SI-221 / 6333%
AC-420 / 6332%
AC-219 / 6330%
SI-719 / 6330%
CM-814 / 6322%
RA-514 / 6322%

Co-occurring actors

None.

Similar actors

Similar TTPs