MODIFIED ELEPHANT
Context
- American cyber security firm SentinelOne has released a report on Modified Elephant, a hacking group that allegedly planted incriminating evidence on the personal devices of Indian journalists, human rights activists, human rights defenders, academics and lawyers.
Details
- Modified Elephant operators have been infecting their targets using spear phishing emails with malicious file attachments over the last decade, with their techniques getting more sophisticated over time.
- Spear phishing refers to the practice of sending targets emails that look like they are coming from a trusted source, in order to get them to either reveal important information or install different kinds of malware on their computer systems.
- Modified Elephant typically weaponises malicious Microsoft Office files to deliver malware to their targets.
What does Modified Elephant do to its victims’ devices?
- Modified Elephant delivers NetWire and DarkComet to its victims.
- NetWire: NetWire is a remote access trojan (RAT) focused on password stealing, keylogging and remote control capabilities.
- DarkComet: DarkComet is another RAT that can take control of a user’s system using a convenient graphical user interface. It can be used to spy on victims using screen captures, keylogging, or password stealing.