Indian Patchwork hacking group infects itself with remote access Trojan

An Indian threat group’s inner workings have been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT).

ZDNet Recommends

Dubbed Patchwork by Malwarebytes and tracked under names including Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, the Indian group has been on the scene since at least 2015 and is actively launching campaigns designed to deploy RATs for the purposes of data theft and other malicious activities. 

In one of the latest attack waves connected to Patchwork, the group targeted individual faculty members from research institutions specializing in biomedical and molecular sciences.

On January 7, the Malwarebytes team said it was able to delve into the advanced persistent threat (APT) group’s activities after Patchwork managed to infect its own systems with its own RAT creation, “resulting in captured keystrokes and screenshots of their own computer and virtual machines.”

According to the cybersecurity researchers, Patchwork typically relies on spear-phishing attacks, with tailored emails sent to specific targets. These emails aim to drop RTF files containing the BADNEWS RAT, of which a new variant has now been found. 

The latest version of this malware, dubbed Ragnatela, was compiled in November 2021. The Trojan is capable

Read More: