ModifiedElephant
Copyright infringement is not intended
Context: American cybersecurity firm released a report on ModifiedElephant.
What is ModifiedElephant?
- It is a hacking group that allegedly planted incriminating evidence on the personal devices of Indian journalists, human rights activists, human rights defenders, academics and lawyers.
- It maliciously targeted specific groups and individuals, including the activists arrested in the Bhima Koregaon case of 2018.
How does ModifiedElephant deploy malware to its targets?
- ModifiedElephant operators have been infecting their targets using spearphishing emails with malicious file attachments.
- Spearphishing is the practice of sending a target emails that appear to come from a trusted source, in order to trick the recipient into revealing sensitive information or into opening an attachment that installs malware on their computer.
- ModifiedElephant typically weaponises malicious Microsoft Office files to deliver malware to its targets.
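As an added illustration of the attachment-based delivery described above (example code written for this note, not code from the report or from the group's tooling): a small Python triage routine that classifies an email attachment by what its bytes actually contain rather than by its file name. It flags macro-enabled OOXML documents (a `vbaProject.bin` part inside the zip), legacy OLE Office binaries that may carry macros, documents whose macro-free extension (`.docx`) hides macro content, and files whose extension does not match their content. The sample attachments, their names and their bytes are all constructed in memory here so the script runs offline; none are real ModifiedElephant samples.

```python
import io
import zipfile

# Constructed magic values for the two Office container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.xlsx) is a zip archive

OFFICE_EXTS = {"doc", "docx", "docm", "xls", "xlsx", "xlsm", "ppt", "pptx", "pptm"}
MACRO_FREE_EXTS = {"docx", "xlsx", "pptx"}          # these formats must not contain VBA
EXECUTABLE_EXTS = {"exe", "scr", "js", "vbs", "hta"}
HIGH_RISK_CODES = {"vba_project", "hidden_macros", "executable_type"}


def _build_ooxml(with_macros: bool) -> bytes:
    """Build a minimal constructed OOXML-style zip, optionally with a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


def assess_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment by content; returns a risk level and the findings behind it."""
    findings = {}  # finding code -> human-readable reason
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    is_zip = data.startswith(ZIP_MAGIC)
    is_ole = data.startswith(OLE_MAGIC)

    if is_ole:
        findings["ole_container"] = "legacy OLE Office binary (may embed VBA macros)"
    if is_zip:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                findings["vba_project"] = "OOXML document contains a VBA project (macros)"
        except zipfile.BadZipFile:
            findings["bad_zip"] = "zip header present but archive is malformed"

    if ext in MACRO_FREE_EXTS and "vba_project" in findings:
        findings["hidden_macros"] = f".{ext} extension hides macro content"
    if ext in OFFICE_EXTS and not (is_zip or is_ole):
        findings["type_mismatch"] = f".{ext} extension but content is not an Office container"
    if ext in EXECUTABLE_EXTS:
        findings["executable_type"] = "directly executable attachment type"

    if HIGH_RISK_CODES & findings.keys():
        level = "high"
    elif findings:
        level = "medium"
    else:
        level = "low"
    return {"filename": filename, "risk": level, "reasons": list(findings.values())}


def triage_samples() -> dict:
    """Run the check over constructed sample attachments; returns filename -> risk level."""
    samples = {
        "invoice.docx": _build_ooxml(with_macros=False),
        "agenda.docx": _build_ooxml(with_macros=True),   # macros hidden behind .docx
        "notes.docm": _build_ooxml(with_macros=True),    # honestly named macro document
        "old_report.doc": OLE_MAGIC + b"\x00" * 32,
        "readme.txt": b"plain text, nothing to see",
        "photo.docx": b"\xff\xd8\xff\xe0 not really a document",  # JPEG bytes, .docx name
    }
    return {name: assess_attachment(name, data)["risk"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, risk in triage_samples().items():
        print(f"{name:16} {risk}")
```

In a mail gateway or endpoint script the same function would be run on each decoded attachment before it reaches the user; "high" findings are the ones worth quarantining outright, "medium" ones worth a closer look by an analyst.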
What does ModifiedElephant do to its victims’ devices?
- It obtains remote access to and unrestricted control of victims’ devices.
- NetWire and DarkComet, two publicly-available remote access trojans (RATs), were the primary malware families deployed by ModifiedElephant.
- NetWire is a RAT focused on password stealing, keylogging and remote control capabilities.
- DarkComet is another RAT that can take control of a user’s system using a convenient graphical user interface.
How to protect devices from ModifiedElephant?
- Enable multi-factor authentication (MFA) so that your own and your associates’ email IDs and other accounts are not compromised in the first place.
- Educate people about the dangers of cyberattacks such as spearphishing, and ensure that they treat unexpected emails and attachments with suspicion whether they come from unknown or known senders.
- Encrypt any file that is sent over the internet. Attackers often use legitimate documents to trick their targets into downloading files that carry a malware payload; if they cannot access these documents in the first place, they cannot package malware along with them.
- Stay alert to and aware of your own digital behaviour.