Cyber-Crooks Frame Targets – Plant False Digital Evidence!

Threat actors are hijacking the devices of India’s human rights lawyers, activists & defenders and planting incriminating evidence to ‘set them up’ for arrest, researchers warn.


The ‘Modified Elephant’ threat actors are not technically impressive, but they have evaded detection for a decade, hacking human rights advocates’ systems with old keyloggers & off-the-shelf RATs.


Modified Elephant


The actor, dubbed Modified Elephant, has been ‘at it’ for at least 10 years & is still active. It has been hitting targets since 2012, if not earlier, going after hundreds of groups & individuals – some repeatedly – according to SentinelLabs researchers.


The operators are not what you would call technical ‘whiz kids,’ but that does not matter. Tom Hegel, Threat Researcher at SentinelOne, stated in a post that the advanced persistent threat (APT) group – which may be tied to the commercial surveillance industry – has been getting along fine using basic hacking tools such as commercially available remote-access trojans (RATs).


Ensnaring Victims


The APT is ensnaring victims with spearphishing, delivering malware via rigged documents.


The malware the group uses includes NetWire, DarkComet & simple keyloggers “with infrastructure overlaps that allow us to connect extended periods of previously unattributed malicious activity,” Hegel wrote.


The DarkComet RAT, for example, has been used in politically motivated attacks for at least as long as Modified Elephant has been doing its dirty work. In 2012, its author gave up on development & sales after finding out that DarkComet was used by the Syrian government in attacks against anti-government activists.


Old Tools


“There’s something to be said about how mundane the mechanisms of this operation are,” ob ..
