Indian Patchwork hacking group infects itself with remote access Trojan
A group named Patchwork by Malwarebytes has been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT). The group has been traced back to India and is also known by the names Hangover Group, Dropping Elephant, Chinastrats, and Monsoon. The group has been active since 2015 and regularly launches campaigns designed to deploy RATs. The group typically focuses on data theft as its main goal during attacks. In Patchwork’s latest attack, the group targeted individual faculty members from research institutions specializing in sciences such as biomedical and molecular.
Malwarebytes stated that on January 7, it was able to break into the APT group’s activities after it managed to infect its own systems with its RAT. This resulted in Malwarebytes’ ability to capture keystrokes and screenshots of their own computers and virtual machines. Patchwork typically relies on spear-phishing attacks in which customized emails are delivered to specific targets. The emails often contain RTF files with the BADNEWS RAT.