
Patchwork, an Indian hacking group, accidentally infected itself with its own Remote Access Trojan. The group, which also operates under some bizarre names such as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has fallen prey to human error.

The hacking group is known for launching spear-phishing attacks against Pakistani institutions. According to Malwarebytes, the group managed to infect itself with its own Remote Access Trojan (RAT) in January.

Security researchers from Malwarebytes said in a blog post that they discovered a variant of the BADNEWS RAT, dubbed Ragnatela. It is delivered via spear-phishing emails that pretend to come from the Pakistani authorities.

The researchers also found that a number of Pakistani institutions had been successfully compromised by the RAT, as listed below:

  • Ministry of Defense – Government of Pakistan
  • National Defense University of Islamabad
  • Faculty of Bio-Science, UVAS University, Lahore, Pakistan
  • International Center for Chemical and Biological Sciences
  • HEJ Research Institute of Chemistry, International Center for Chemical and Biological Sciences, University of Karachi
  • SHU University, Molecular Medicine

In the process, however, the hacking group unknowingly infected its own development machine, and the RAT captured the criminals’ own keystrokes alongside screenshots of their own computers.

Researchers from Malwarebytes were able to determine that the hackers were running VirtualBox and VMware on their computers, with both English and Indian keyboard layouts set up. They also revealed that the Patchwork group’s computer was reporting the weather at the time to be “cloudy with 19 degrees and that they haven’t updated their Java yet.”

This might have been due to a lapse in updating the security patches on their computers. Further investigations suggest the hackers used the VPNs CyberGhost and VPN Secure in an attempt to hide their IP addresses when logging into their victims’ email accounts. 

According to Malwarebytes, this is the first time they have witnessed the Patchwork hacking group, which has been around since 2015, targeting molecular medicine and biological science researchers.
