Last Updated on 12/02/2022 by Nidhi Khandelwal
In an attempt to plant “incriminating digital evidence,” a hitherto unknown hacking gang has been linked to targeted attacks against human rights activists, human rights defenders, professors, and attorneys across India.
SentinelOne, a cybersecurity firm, ascribed the breaches to a group known as “ModifiedElephant,” an elusive threat actor that has been active since at least 2012 and whose activities are closely aligned with Indian state interests.
“ModifiedElephant uses commercially accessible remote access trojans (RATs) and may have ties to the commercial spying industry,” according to the researchers. “To transmit malware like NetWire, DarkComet, and simple keyloggers, the threat actor leverages spear-phishing using infected documents.”
ModifiedElephant’s main purpose is to make long-term surveillance of targeted individuals easier, eventually leading to the distribution of “evidence” on the victims’ compromised systems in order to frame and imprison susceptible opponents.
Individuals linked to the 2018 Bhima Koregaon incident in the Indian state of Maharashtra are among the notable targets, according to SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade.
The attack chains involve infecting targets — some of whom are infected multiple times in a single day — with spear-phishing emails containing malicious Microsoft Office document attachments or links to externally hosted files that are weaponized with malware capable of taking control of victim machines.