January 18, 2022
Eric Swotinsky

Patchwork cybercrime group infects self with own malware

The India-based threat actor Patchwork has recently been found to have infected itself with its own malware, revealing sensitive information about the group's activities.

Active since 2016, Patchwork (also known as Dropping Elephant) has infected over 2,500 high-value targets worldwide.

The group appears to have accidentally infected its own systems with the remote access trojan (RAT) it developed, and the RAT captured screenshots and other information from the operators' own machines. Based on this leaked data, researchers found that the group has been testing a brand-new variant of its BADNEWS RAT called Ragnatela, delivering it via spear-phishing campaigns that have already compromised multiple high-value targets.

Patchwork currently targets victims in China and Pakistan, although its targeting can change at any time. Thankfully, Acronis Cyber Protect's AI-powered and behavioral detection engines recognize and stop not only Ragnatela but other RATs as well.