You can call it bad luck, or you can call it divine justice. But when you play with fire, you risk getting burned…
In the sewers of the Internet, a real world war rages between hacker groups, more or less supported by their respective governments, dedicated to spying on and sabotaging enemy countries.
Patchwork is the name of one of these groups, of Indian origin, which has been operating since 2015. It mainly harasses targets in Pakistan, a country traditionally at odds with India over border issues.
In the same way that these cyberspies steal data and sabotage their victims' resources, cybersecurity teams are dedicated to spying on them, in order to hand them over to the authorities, or at least to stop their attacks.
This is the case of the security team at Malwarebytes, a company known for its excellent anti-malware tool, also called Malwarebytes.
This group of experts had been tracking the activities of Patchwork for a long time when, last November, they realized that the Indian cyberspies had been infected with their own malware, called Ragnatela RAT.
This software allows spying on a computer and extracting data such as screenshots, files, keystrokes, and so on.
Precisely thanks to this infection, Malwarebytes experts were able to break into Patchwork's computers unseen, spy on their activities, and find out who they were targeting.
Here you can see some screenshots of the cybercriminals’ computers:
Ragnatela's control software, which they use to remotely control infected computers, can be seen.
They also discovered that these Indian spies hid behind a Virtual Private Network (VPN) to change their IP address, and used virtual machines created with VirtualBox and VMware to test malware or manage it.
In addition, they gained access to the list of victims they tried to attack, among which are the Pakistan Ministry of Defense, the Islamabad National Defense University, the university of molecular medicine, a faculty of biosciences, and the International Center for Chemical and Biological Sciences.
It was known that they mainly attacked political and military centers, but it has now been discovered that they also have scientific targets.
Little can be done at the police level, because this type of group is usually protected by its own government, but it is now known how they operate, what tools they use, and who their victims are.
The less secret they are, the lower their operational capacity will be.