Back Icon Back

cloud destinations



May 2022


  • ModifiedELEPHANT APT
  • Cyberespionage
  • Targeted Attacks
  • Cybersecurity


8 Min Read

“ModifiedELEPHANT APT”- Evaded Discovery for A Decade

An Advanced Persistent Threat (APT) actor traced as ModifiedElephant, a hacking group, had allegedly planted incriminating evidence on the personal devices of Indian journalists, human rights activists, human rights defenders, academics and lawyers. ModifiedElephant APT group has been carrying out its malicious activities since 2012 and successfully evading detection for over a decade.

Who Or What is ModifiedElephant?

ModifiedElephant operators have been infecting their targets using spear phishing emails with malicious file attachments. After invading the victim’s device, ModifiedElephant implants files that could be used to prosecute the individual, apart from spying on their activities.


According to Sentinel Labs, the ModifiedElephant APT has targeted hundreds of individuals and groups. Their attack tactics involve spear phishing emails using popular email services providers like Yahoo and Gmail to start the infection chain.

How does it work?

DarkComet or Netwire RATs, keyloggers, and an unidentified Android Trojan are embedded within the emails to affect the victims. The Android malware is also a commodity trojan, delivered to victims in the form of an APK, tricking them into installing it themselves by posing as a news app or a safe messaging tool. In various cases, the attached files leveraged exploits such as CVE-2012-0158, CVE-2013-3906, CVE-2014-1761, and CVE-2015-1641 for malware execution purposes.

How one can protect itself?

To reduce the susceptibility of ModifiedElephant attacks, some of the precautionary steps can be employed,

  • Use Multi-Factor authentication to ensure that the email ID is legitimate and the accounts aren’t compromised.
  • Use encryption to send the data over the internet.
  • Check before downloading the attachments to avoid malware payload

CD Bytes: Stay Vigilant!

Organizations should employ next-gen e-mail security to detect suspicious activity, and they should be informed and vigilant in their digital behaviour. If a malicious threat arises, the requisite digital actions should be taken to protect against cyber-attacks.

Back Icon Back Blogs

Related Posts

cloud destinations partners

United States

2603 Camino Ramon, Bishop Ranch 3, Suite 200, San Ramon, CA 94583, USA

cloud destinations partners


9850 King George Blvd, 2nd-5th Floor, Surrey, British Columbia, V3T 4Y3, Canada

cloud destinations partners


833A/ 3, Level 28, The Gardens South Tower, Mid Valley City, Lingkaran Syed Putra, 59200, Kuala Lumpur, Malaysia

cloud destinations partners


Block A2, First Floor, Span Ventures SEZ, Rathinam Tech Zone, Pollachi Main Road, Eachanari, Coimbatore – 641021

cloud destinations partners


WorkEZ Urban Square, Kandanchavadi, OMR, Kottivakkam, Rajiv Gandhi Salai, Chennai – 600041

Thank you for visiting our website! We use cookies to enhance your experience. These cookies help us remember your preferences, display relevant information, and ensure smooth functionality. By clicking “Accept,” you consent to our use of cookies. For more details, please see our Privacy Policy.