Cybercriminals, not only their victims, sometimes fall prey to their own mistakes. Patchwork, an India-based threat actor group that targets users and government organizations in Pakistan, inadvertently exposed its own operations. Active since 2015, Patchwork has compromised a range of Pakistani entities through spearphishing. According to a report from Malwarebytes, the group's own malware captured and exposed information about the operators themselves, including details of the malware, their keystrokes, and screenshots of their systems.
The researchers stated that in its most recent campaign, running from late November to early December 2021, Patchwork used malicious RTF files to drop a new variant of the BADNEWS Trojan, dubbed Ragnatela. The group delivered the RTF lures through spear-phishing emails, and the Ragnatela RAT gave it remote access to the compromised systems.
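The report does not say how the RTF lures carried their payload, so the following triage script is an added example (not code from Malwarebytes, Patchwork, or CISO MAG) that checks a suspicious RTF for the most common construction: an embedded OLE object declared with `\objemb`/`\objupdate` and carried as a hex blob under `\*\objdata`. The sample documents are constructed for illustration, and the payload is only the compound-file magic bytes followed by zero padding, not a real dropper.

```python
import re

# Constructed sample RTF lure (not a real Patchwork file). It embeds an OLE
# object whose hex payload starts with the compound-file magic D0CF11E0A1B11AE1.
SAMPLE_RTF = rb"""{\rtf1\ansi\deff0
{\fonttbl{\f0 Times New Roman;}}
\pard Notification from the Ministry\par
{\object\objemb\objupdate{\*\objclass Package}
{\*\objdata d0cf11e0a1b11ae100000000000000000000000000000000}}
}"""

# Constructed benign document for comparison: no embedded objects at all.
BENIGN_RTF = rb"{\rtf1\ansi{\fonttbl{\f0 Arial;}}\pard Hello\par}"

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Control words that declare an embedded object or ask Word to refresh it on
# open; legitimate memos rarely need any of them.
SUSPICIOUS_CONTROL_WORDS = (rb"\objemb", rb"\objupdate", rb"\objautlink", rb"\objdata")


def extract_objdata(rtf: bytes) -> list[bytes]:
    """Decode the hex payload of every \\*\\objdata group in the document."""
    payloads = []
    for m in re.finditer(rb"\\\*\\objdata\s*([0-9a-fA-F\s]+)\}", rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))   # hex may be line-wrapped
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]                      # tolerate a dangling nibble
        payloads.append(bytes.fromhex(hexstr.decode("ascii")))
    return payloads


def triage_rtf(rtf: bytes) -> dict:
    """Summarise embedded-object indicators in an RTF document."""
    found = [w.decode() for w in SUSPICIOUS_CONTROL_WORDS if w in rtf]
    payloads = extract_objdata(rtf)
    ole_objects = [p for p in payloads if p.startswith(OLE_MAGIC)]
    return {
        "is_rtf": rtf.lstrip().startswith(b"{\\rtf"),
        "control_words": found,
        "objdata_count": len(payloads),
        "ole_objects": len(ole_objects),
        "suspicious": bool(found) or bool(ole_objects),
    }


if __name__ == "__main__":
    for name, doc in (("lure", SAMPLE_RTF), ("benign", BENIGN_RTF)):
        print(name, triage_rtf(doc))
```

A hit on `\objupdate` or an OLE payload is a reason to detonate the file in a sandbox, not proof of compromise; the script also ignores `\bin` runs and other obfuscations that real lures use, so treat it as a first-pass filter rather than a detector.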
Ragnatela capabilities include:
Patchwork lured victims with fake documents impersonating Pakistani authorities. The group used virtual machines and VPNs to develop the malware, push updates to it, and monitor its victims.
The victims of the Ragnatela Trojan include:
Indicators of Compromise (IoC)
Lure
RAT
C2
“While Patchwork uses the same lures and RAT, the group has shown interest in a new kind of target. Indeed this is the first time we have observed Patchwork targeting molecular medicine and biological science researchers. Thanks to data captured by the threat actor’s own malware, we were able to get a better understanding of who sits behind the keyboard,” the researchers said.
The post BADNEWS for Hackers! Patchwork Group Expose Themselves in Malware Campaign appeared first on CISO MAG | Cyber Security Magazine.