Arctic Wolf Labs has uncovered a sophisticated cyber-espionage operation attributed to the Dropping Elephant advanced persistent threat (APT) group, also known as Patchwork or Quilted Tiger, focusing on Turkish defense contractors specializing in precision-guided missile systems.
The campaign, which began active operations in July 2025, employs a five-stage execution chain initiated through spear-phishing emails containing malicious LNK files masquerading as invitations to the “Unmanned Vehicle Systems Conference 2025” in Istanbul.
These lures exploit legitimate binaries like VLC Media Player and Microsoft Task Scheduler for defense evasion via DLL side-loading techniques, marking a notable evolution from the group’s previous x64 DLL variants observed in November 2024 to more streamlined x86 PE executables with optimized command structures and reduced library dependencies.
Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector
gbhackers.com