[MART] - Daily Diary #451 - ModifiedElephant and a decade in surveillance and implantation of incriminating evidence

CTAS-MAT ctas-mat at appgate.com
Fri Feb 11 22:02:58 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

02/11/2022 - Diary entry #451

ModifiedElephant is an APT (Advanced Persistent Threat) actor that has been operational since at least 2012. ModifiedElephant's goal is to enable the monitoring of human rights activists, academics, lawyers, and other targets of interest in India, which ultimately leads to the delivery of tampered "evidence" on the compromised systems to incriminate and imprison innocent opponents.

ModifiedElephant's M.O. is to start a chain of infection with spear-phishing emails that use a variety of approaches to appear legitimate. These emails contain infected documents that deploy a variety of malware, including the NetWire and DarkComet remote access trojans (RATs), keystroke loggers, and even an Android trojan. The deployed malware is then used to control and tamper with the environments, planting the "evidence".

This APT group shows another face of the cyberthreat landscape. Using advanced techniques, it shows that sometimes cybercrime is not about demanding ransom payments or other direct forms of payment, but about exploiting individuals to manipulate politics and law enforcement. Although its interests align with the Indian state, it's not clear if they are state-sponsored attackers or if they follow their own agenda.

Kind Regards,

