The Patchwork cyber espionage group — also known as Hangover or Dropping Elephant and internally tracked by QiAnXin as APT-Q-36 — has been active since 2009 and is believed to be close to South Asia. Over the years, it has targeted government agencies, the military, research institutions, diplomacy, industry, and educational institutions in several Asian countries, conducting large-scale intelligence gathering operations. The QiAnXin Threat Intelligence Center has identified a new Trojan attributed to the Maha Grass organization, which uses a combination of WebSocket and HTTP protocols to communicate with command and control servers. The malware, dubbed StreamSpy , retrieves instructions via a