Deciphering Confucius’ Cyberespionage Operations

In today’s online chat and dating scene, romance scams are not uncommon, with catfishers and West African cybercriminals skillfully toying with their victims’ emotions to cash in on their bank accounts. It’s quite odd (and probably underreported), however, to see the same tactic used as a vector for cyberespionage.

We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations, and found a number of similarities, such as shared code in their custom malware. Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.

Are Patchwork and Confucius the same group? The commands in their backdoors do resemble each other, the config files share a similar custom structure, and the two groups’ infrastructure overlaps. However, we construe them to be different groups, possibly within the same community, with different objectives and modi operandi. While Patchwork may be more straightforward with its predominantly malware-based attacks, Confucius’ approach can be inferred to be more nuanced, relying heavily on social engineering.

Source: TrendLabs