By Ragavan

May 2022

8 Min Read

“ModifiedElephant APT”: Evaded Discovery for a Decade

ModifiedElephant, an Advanced Persistent Threat (APT) group, had allegedly planted incriminating evidence on the personal devices of Indian journalists, human rights activists, human rights defenders, academics and lawyers. The group has been carrying out its malicious activities since 2012 and has evaded detection for over a decade.

Who Or What is ModifiedElephant?

ModifiedElephant operators have been infecting their targets using spear phishing emails with malicious file attachments. After compromising a victim’s device, ModifiedElephant spies on the victim’s activities and implants files that could be used to prosecute the individual.

Note:

According to SentinelLabs, the ModifiedElephant APT has targeted hundreds of individuals and groups. Its attack tactics involve spear phishing emails sent through popular email service providers like Yahoo and Gmail to start the infection chain.

How does it work?

The emails carry DarkComet or NetWire RATs, keyloggers, and an unidentified Android trojan to infect the victims. The Android malware is also a commodity trojan, delivered as an APK that poses as a news app or a safe messaging tool so that victims install it themselves. In various cases, the attached files leveraged exploits for vulnerabilities such as CVE-2012-0158, CVE-2013-3906, CVE-2014-1761, and CVE-2015-1641 to execute the malware.

How can one protect oneself?

To reduce susceptibility to ModifiedElephant attacks, the following precautionary steps can be employed:

  • Use multi-factor authentication to ensure that the email ID is legitimate and that accounts aren’t compromised.
  • Use encryption when sending data over the internet.
  • Check attachments before downloading them to avoid malware payloads.
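The attachment check in the last step can be automated before a message reaches the reader. The following is an added example, not part of the original post: it classifies each attachment by content rather than by file name, flags the document and APK types described above, and records whether the sender used one of the webmail providers the article names. The function names, the `RISKY` set and the sample message are assumptions constructed for illustration.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com"}  # webmail providers the article names
RISKY = {"ole2-office", "ooxml-office", "rtf", "apk", "zip-corrupt"}

def sniff(data: bytes) -> str:
    """Classify an attachment by its content, ignoring the file name it claims."""
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "ole2-office"          # legacy .doc/.xls/.ppt container
    if data.lstrip().startswith(b"{\\rt"):
        return "rtf"                  # RTF is frequently renamed to .doc
    if data.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"      # unparseable archives are held as well
        if "AndroidManifest.xml" in names:
            return "apk"
        return "ooxml-office" if "[Content_Types].xml" in names else "zip"
    return "other"

def triage(raw: bytes) -> list[dict]:
    """One finding per attachment that should be sandboxed before it is opened."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.iter_attachments():
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind in RISKY:
            findings.append({"file": part.get_filename(), "kind": kind,
                             "freemail_sender": domain in FREEMAIL})
    return findings

def sample_message() -> bytes:
    """Constructed email: RTF named .doc, an APK-shaped zip, a benign text file."""
    m = EmailMessage()
    m["From"] = "Reporter <press.desk.example@gmail.com>"
    m.set_content("Please see attached.")
    m.add_attachment(b"{\\rtf1 constructed sample}", maintype="application",
                     subtype="msword", filename="notes.doc")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "constructed")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="news.apk")
    m.add_attachment("plain notes", filename="a.txt")
    return m.as_bytes()
```

Calling `triage(sample_message())` returns findings for `notes.doc` and `news.apk` only; flagged files belong in a sandbox or a patched, macro-disabled viewer rather than on the recipient's device.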

CD Bytes: Stay Vigilant!

Organizations should employ next-gen e-mail security to detect suspicious activity, and they should be informed and vigilant in their digital behaviour. If a malicious threat arises, the requisite digital actions should be taken to protect against cyber-attacks.
