Jan 12, 2022

Hacking group accidentally infects itself with Remote Access Trojan horse

Written by

Graham Cluley
Computer security news, advice, and opinion
Oh dear. What a shame. Never mind.
Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really cock things up you need to be a cybercriminal.
The hackers, who have become notorious for launching spear phishing attacks against Pakistani institutions, managed to infect themselves with their own Remote Access Trojan (RAT) in January, according to experts at Malwarebytes.
In a blog post, security researchers at Malwarebytes describe how they found a new variant of the BADNEWS RAT (which they dubbed Ragnatela) being launched via spear phishing emails which pretended to come from the Pakistani authorities.

Investigations by the researchers uncovered that a number of Pakistani institutions had been successfully compromised by the RAT.
However, it was also discovered that the hacking group had managed to infect its own development machine, and the RAT had captured the criminals' own keystrokes alongside screenshots of their own computers.
Malwarebytes researchers were able to establish that the hackers were running both VirtualBox and VMware on their computers, with both English and Indian keyboard layouts set up.
Furthermore, with some bemusement, the researchers found the Patchwork group’s computer was reporting the weather at the time to be “cloudy with 19 degrees and that they haven’t updated their Java yet.”
Tut tut. Surely every savvy cybercriminal should understand the importance of keeping up-to-date with their security patches?
All hope is not lost, however. It appears that the hackers use the VPNs CyberGhost and VPN Secure in an attempt to mask their IP address when logging into their victims' email accounts. So at least they're trying not to be entirely incompetent.
Malwarebytes says that this is the first time it has seen the Patchwork hacking group, which has been active since 2015, targeting molecular medicine and biological science researchers.
Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.


Article Categories:
Cybersecurity News