InfoSec Round-Up Jan 14th

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Hackers’ Own Goal

An Indian-linked cyber espionage group known as Patchwork has reportedly exposed its own operation after accidentally infecting themselves with a remote access trojan (RAT).

Having been active since late 2015, the threat actors used the malicious software to harvest confidential information, as well as targeting various political organisations via spear-phishing attacks.

With their own compromise being discovered by Malwarebytes Labs, security researchers were able to gather their own information, monitoring the hackers via keystrokes and screenshots of computers and virtual machines.

Able to establish evidence of successful attacks against Pakistan’s Ministry of Defense, the National Defense University of Islam Abad and the International centre for chemical and biological sciences, Malwarebytes Labs noted, “Thanks to data captured by the threat actor’s own malware, we were able to get a better understanding about who sits behind the keyboard… Patchwork, like some other East Asian Advanced persistent threats (APTs) is not as sophisticated as their Russian and North Korean counterparts.”

Romance Fraud Warning

The UK’s Action Fraud has issued a warning urging people to be on the lookout for online fraudsters after an estimated £92 million was lost to romance fraud in the last year alone.

With 8,863 cases reported between November 2020 and October 2021, representing a 27% increase on the previous year, Action Fraud along with the City of London Police, noted how those beginning relationships around Valentines Day are most susceptible to this kind of scam.

Urging those who are not particularly tech savvy to be vigilant, Temporary Detective Chief Superintendent Matt Bradford, from the City of London Police, explains: “Typically, romance fraudsters will spend weeks gaining their victims’ trust… and initially make no suggestion of any desire to ask for any money, so the victim may believe their new love interest is genuine.”

Adding, “But weeks, or sometimes months later, these criminals will ask for money for a variety of emotive reasons and as the emotional relationship has already been formed, victims often transfer money without a second thought.”

Spear Phishing Attack Hits Russian Gov

Hackers thought to be associated with the North Korean government have affected members of Russia’s Ministry of Foreign Affairs (MID) as well as several of the country’s diplomates operating in different regions.

Researchers found that a spear phishing campaign, launched in December of last year, targeted diplomates via a remote access trojan (RAT) disguised as a New Year theme screensaver sent from fellow Russian offices in Serbia.

Thought to be perpetrated by the threat actors known as ‘Konni’, researchers at Lumen Technologies’ Black Lotus Labs, who have analysed the attack, urged caution regarding phishing attacks whilst noting on the incident, “While this particular campaign was highly targeted, it is vital for defenders to understand the evolving capabilities of advanced actors to achieve infection of coveted targets.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.