American cyber security firm SentinelOne has released a report on Modified Elephant—a hacking group that allegedly planted incriminating evidence on the personal devices of Indian journalists, human rights activists, human rights defenders, academics and lawyers.
Details
Modified Elephant operators have been infecting their targets using spear phishing emails with malicious file attachments over the last decade, with their techniques getting more sophisticated over time.
Spear phishing refers to the practice of sending targets emails that appear to come from a trusted source, in order to get them either to reveal important information or to install different kinds of malware on their computer systems.
Modified Elephant typically weaponises malicious Microsoft Office files to deliver malware to their targets.
What does Modified Elephant do to its victims’ devices?
Modified Elephant delivers NetWire and DarkComet to its victims.
NetWire: NetWire is a remote access trojan (RAT) focused on password stealing, key logging and remote control capabilities.
DarkComet: DarkComet is another RAT that can take control of a user’s system using a convenient graphical user interface. It can be used to spy on victims using screen captures, key-logging, or password stealing.