Hacking group 'ModifiedElephant', which has framed its targets with fabricated evidence for around a decade, is identified

On February 9, 2022, the American security company SentinelOne released a report on ModifiedElephant, a hacking group that for at least a decade has planted fabricated evidence on the computers of Indian human rights activists and journalists in order to incriminate them.

ModifiedElephant APT and a Decade of Fabricating Evidence - SentinelOne

https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/

Hacking group 'ModifiedElephant' evaded discovery for a decade - BleepingComputer
https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/

ModifiedElephant, the group identified in this report, is said to specialize in planting fabricated files that serve as 'evidence' of crimes onto the systems of a specific set of targets. Its early lures were crude: an executable sent with a double extension such as 'filename.pdf.exe', so that the file appeared to be a PDF document.

From 2015 the tradecraft became more sophisticated, for example packing a decoy document that masked the malware's behaviour into a password-protected RAR archive, which a mail scanner cannot open. In 2019 the group began hosting its malware on abused cloud hosting services, and in 2020 it used RAR archives of around 300 MB, large enough to exceed the size limits of many scanners, to slip malicious files onto target systems.
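The delivery tricks described above (double extensions, archives too large to scan, password-protected archives) are exactly the things a mail gateway or triage script can check for before a file reaches a user. The following is an added example written for this article, not code from SentinelOne, Arsenal Consulting, BleepingComputer or the attackers: it triages a set of constructed attachments for a document-then-executable double extension, an archive above an assumed scanner limit (MAX_SCAN_BYTES is a hypothetical value), a ZIP whose entries carry the encryption flag, and a PE header behind a document extension. All sample attachments, including the ZIP whose encryption bit is set by hand to stand in for a password-protected archive, are constructed here.

```python
"""Attachment triage for the lure types described in the article.

Added example for this article; not code from SentinelOne, Arsenal
Consulting or the attackers. The scan limit and every sample attachment
below are constructed for illustration.
"""
import io
import zipfile

# Extensions a victim reads as "harmless document".
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "jpg", "png", "txt"}
# Types Windows will execute on double-click.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk"}
ARCHIVE_EXTS = {"zip", "rar", "7z"}
# Hypothetical per-file limit of a gateway scanner; many products skip anything
# larger, which is what a ~300 MB archive exploits.
MAX_SCAN_BYTES = 100 * 1024 * 1024


def extensions(name):
    """Lower-cased extension chain: 'Notice.pdf.exe' -> ['pdf', 'exe']."""
    base = name.rsplit("/", 1)[-1].rsplit("\\", 1)[-1].lower()
    parts = base.split(".")
    return parts[1:] if len(parts) > 1 else []


def is_double_extension(name):
    exts = extensions(name)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS


def zip_is_password_protected(data):
    # Bit 0 of the general-purpose flag marks an encrypted entry; a scanner
    # cannot inspect such content without the password given in the mail body.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(zi.flag_bits & 0x01 for zi in zf.infolist())


def triage_attachment(name, size, data=None):
    """Return a list of findings for one attachment.

    name: filename as shown to the recipient
    size: declared size in bytes, so a 300 MB file need not be loaded
    data: raw bytes when available, used for archive and header checks
    """
    findings = []
    exts = extensions(name)
    if is_double_extension(name):
        findings.append("executable disguised as %s by double extension" % exts[-2])
    if exts and exts[-1] in ARCHIVE_EXTS:
        if size > MAX_SCAN_BYTES:
            findings.append("archive larger than scan limit (%d bytes)" % size)
        if data is not None and exts[-1] == "zip" and zipfile.is_zipfile(io.BytesIO(data)):
            if zip_is_password_protected(data):
                findings.append("password-protected zip, contents not scannable")
            else:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if is_double_extension(member):
                            findings.append("archive member %s has double extension" % member)
    if data is not None and data[:2] == b"MZ" and exts and exts[-1] in DOCUMENT_EXTS:
        findings.append("PE executable with a document extension")
    return findings


def build_zip(entries):
    """Constructed in-memory ZIP with the given {member: payload} entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for member, payload in entries.items():
            zf.writestr(member, payload)
    return buf.getvalue()


def mark_zip_encrypted(data):
    """Set the 'encrypted' bit in every local (offset 6) and central (offset 8)
    header. Only used to construct a sample; a real archiver sets this bit
    when writing with a password."""
    buf = bytearray(data)
    for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + flag_off] |= 0x01
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


# Constructed samples standing in for the lure types in the article.
SAMPLES = {
    "Notice_Final.pdf.exe": (4096, b"MZ" + b"\x00" * 62),
    "Evidence.zip": (2048, build_zip({"Statement.docx.exe": b"MZ\x90\x00"})),
    "Protected.zip": (2048, mark_zip_encrypted(build_zip({"Letter.doc": b"decoy"}))),
    "Photos.rar": (300 * 1024 * 1024, None),
    "Agenda.pdf": (1024, b"%PDF-1.4"),
}


def triage_all(samples=SAMPLES):
    return {name: triage_attachment(name, size, data) for name, (size, data) in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(name, "->", findings or ["clean"])
```

The size check deliberately takes a declared size rather than reading the file, since the point of the oversized-archive trick is that the scanner never processes the content; for RAR and 7z the script only applies the size rule, because parsing their encryption headers is outside the standard library.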

Below is a sample email (image from the SentinelOne report) used to deliver a fabricated 'evidence' file.

The phishing emails ModifiedElephant sent to its victims used several techniques to appear legitimate, such as plausible recipient lists, fake forwarding history, and body text that reads like a genuine message. Because the decoy documents are politically themed, ModifiedElephant is also thought to be tailoring its lures to a specific group of targets.

ModifiedElephant's activities came to light in the wake of clashes in January 2018 in Maharashtra, India, between pro-government groups and their opponents. Maharashtra police arrested a number of people as members of an Indian militant group in connection with the unrest, in which one person was killed and five were injured, and announced that PCs seized from them contained evidence of crimes including a plot to assassinate Prime Minister Narendra Modi.

Later, Arsenal Consulting, an American digital forensics firm retained by the defendants to examine the evidence, published a report concluding that the digital files seized by police had been planted. SentinelOne, building on that finding, traced the activity to a hacking group that had been mounting similar attacks against the same set of targets for years, and named it ModifiedElephant.

ModifiedElephant has been confirmed active since at least 2012 and was still active at the time the report was written. The IT news site BleepingComputer commented on the group: 'The ModifiedElephant attacks were carried out just before some of the targets were arrested. The targets are also people who stand in the way of India's national interests. In light of this, ModifiedElephant appears to be backed by an Indian public agency. Since activists and scholars involved in free speech are unlikely to be targeted by financially motivated crime, such attacks can be said to always involve politics.'

in Software, Security, Posted by log1l_ks