The India-based threat group Patchwork, also known as Dropping Elephant and Chinastrats, accidentally infected one of its own computers with its own malware during one of its attacks. Malwarebytes Labs took advantage of the mistake.
Patchwork has been active since at least 2015. The group is known for targeting military and political figures around the world, with a particular focus on organizations in Pakistan.
- The operators infected their own system during a campaign against Pakistan's Ministry of Defence with their own Ragnatela remote access trojan (RAT).
- The attackers did compromise data belonging to some of the ministry's employees.
- In doing so, however, they also made it possible to monitor them through their own software.
- Patchwork apparently did not notice the self-infection, at least for some time.
- This gave security researchers a view into the group's operations.
“It’s ironic that all the information we’ve been able to gather comes from attackers infecting themselves with this RAT, resulting in their keystrokes and screenshots being captured from their own computer and virtual machines,” Malwarebytes Labs wrote.
Once Ragnatela is on a system, its operators gain remote access to the device: they can execute commands via cmd, collect files from the system, list running applications, take screenshots, log keystrokes, and more. The same capabilities therefore ran against the malware's own operators. What specific data was collected has not been reported, so whether it included, for example, the identities of the people involved is unclear.
The group uses virtual machines and VPNs to develop its tooling, push updates and check on its victims' systems. According to the researchers, Patchwork, like some other East Asian hacker groups, does not build malware as sophisticated as that of its Russian or North Korean counterparts.