MODIFIEDELEPHANT: HACKING GROUP FRAMES ACTIVISTS BY PLANTING FAKE EVIDENCE ON THEIR DEVICES

Asia Tech World

Tue 15 February 2022:

SentinelOne, a cyber security platform based in the United States, has found a hacking tool that has been used to plant fake digital evidence on the target’s devices.

Victims of this attack have been identified as human rights activists, journalists, professors, and attorneys based in India, including Rona Wilson, an activist charged in the Bhima Koregaon case.

The research, co-authored by cyber security specialists Tom Hegel and Juan Andres Guerrero-Saade, claims that the network has been active since “at least 2012,” and that it has “repeatedly targeted specific individuals” in India. The software, codenamed ‘ModifiedElephant’ by the researchers, does not match the technical sophistication of NSO Group’s Pegasus spyware.

However, its ability to plant fabricated evidence on victims’ phones has far-reaching consequences. “We observe that ModifiedElephant activity aligns sharply with Indian state interests and that there is an observable correlation between ModifiedElephant attacks and the arrests of individuals in controversial, politically-charged cases”, researchers observed in a post.

The perpetrators of these attacks used malicious file attachments that looked like typical Microsoft Office documents. Those files, however, were weaponized to distribute malware that changed over time and across different targets. The phishing emails were “themed around topics relevant to the target” and were intended to lure the users.

“Heavy reliance on commercial and rather uninteresting malware like NetWire and DarkComet RATs. They also attempted to deliver keyloggers and Android trojans. Early efforts around 2012 included the keyloggers and DarkComet RATs”, Tom Hegel, one of the authors of the research, posted on Twitter.

However, he notes that around 2014/2015, “as the quality and persistence of their campaigns increased,” the attackers may have gained access to a new set of resources. The researchers based their study on a previous examination conducted by Arsenal Consulting, a digital forensics firm located in the United States.

Other mobile surveillance malware, such as Pegasus, has been used against the victims of this attack. While the study found parallels between the aims of Indian law enforcement authorities and those of the assailants, it did not pinpoint a specific organization. The researchers point out that they have a lot of information about attackers’ activity and targets over the last decade.

“Our profile of ModifiedElephant has taken a look at a small subset of the total list of potential targets, the attackers’ techniques, and a rare glimpse into their objectives”, the security experts noted. SentinelOne is a California-based cybersecurity company founded in 2013.

NEWS AGENCIES
