fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Oops: Cyberspies Infect Themselves with their Own Malware

Oops: Cyberspies Infect Themselves with their Own Malware

After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers.

The threat actor has been active since at least December 2015 and is tracked as PatchWork (aka Dropping Elephant, Chinastrats, or Quilted Tiger) due to the use of copy-pasted code.

During PatchWork’s most recent campaign, between late November to early December 2021, Malwarebytes Labs observed the threat actors using malicious RTF documents impersonating Pakistani authorities to infect targets with a new variant of the BADNEWS RAT, known as Ragnatela.

Also Read: PDPA Meaning: Know Its Big Advantages In Businesses

The Ragnatela RAT allows the threat actors to execute commands, capture screen snapshots, log keystrokes, harvest sensitive files and a list of running apps, deploy additional payloads, and upload files.

“Ironically, all the information we gathered was possible thanks to the threat actor infecting themselves with their own RAT, resulting in captured keystrokes and screenshots of their own computer and virtual machines,” Malwarebytes Labs’ Threat Intelligence Team explained.

After discovering that the PatchWork operators infected their own development systems with the RAT, the researchers were able to monitor them while using VirtualBox and VMware for testing and web development and testing on computers with dual keyboard layouts (i.e., English and Indian).

PatchWork testing the Ragnatela RAT
PatchWork testing the Ragnatela RAT (Malwarebytes LABS)

While observing their operations, they also gained info on targets the group compromised, including Pakistan’s Ministry of Defense and faculty members from molecular medicine and biological science departments at multiple universities such as the National Defense University of Islam Abad, the UVAS University’s Faculty of Bio-Science, the Karachi HEJ Research institute, and SHU University.

Also Read: What Is PDPA And What Are The 5 Things You Should Know About

“Thanks to data captured by the threat actor’s own malware, we were able to get a better understanding about who sits behind the keyboard,” Malwarebytes Labs added.

“The group makes use of virtual machines and VPNs to both develop, push updates and check on their victims. Patchwork, like some other East Asian APTs is not as sophisticated as their Russian and North Korean counterparts.”

PatchWork operators have previously targeted US think tanks in March 2018 in multiple spear-phishing campaigns using the same tactic of pushing malicious RTF files to compromise their victims’ systems and a QuasarRAT malware variant.

Two months earlier, in January 2018, they were observed pushing weaponized documents delivering BADNEWS malware in attacks against targets from the Indian subcontinent.

They were also behind a spear-phishing campaign targeting employees of a European government organization during late May 2016.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us