IAS Gyan

Daily News Analysis

ModifiedElephant

18th February, 2022 Security and Defence


Context: SentinelOne, an American cybersecurity firm, released a report (February 2022) on a hacking group it tracks as ModifiedElephant.

What is ModifiedElephant?

  • It is a hacking group that allegedly planted incriminating evidence on the personal devices of Indian journalists, human rights defenders, academics and lawyers.
  • It targeted specific groups and individuals over several years, including activists who were later arrested in the Bhima Koregaon case of 2018.


How does ModifiedElephant deploy malware to its targets?

  • ModifiedElephant operators infected their targets using spearphishing emails carrying malicious file attachments.
  • Spearphishing is the practice of sending a tailored email that appears to come from a source the target trusts (a colleague, an organisation, a known contact), in order to make the target reveal sensitive information or open an attachment that installs malware on their computer.
  • The group typically weaponised Microsoft Office documents as the attachment, relying on the target opening the file to deliver the malware.
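The delivery pattern described above (a trusted-looking sender plus an Office attachment) is something a mail gateway or an incident responder can triage mechanically. The following is an added example, not code from the report or from the group it describes: it parses one raw email, checks the visible sender against the Reply-To and envelope sender for the usual spoofing tells, and identifies Office attachments by extension and by the container's leading bytes rather than by name alone. The sample messages, domains (`trusted-ngo.example`, `mail-relay.example`) and filenames are constructed for the example and are not indicators from the report.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage

# Leading bytes of the two Microsoft Office container formats.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls/.ppt
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML .docx/.xlsx/.pptx (a zip)
OFFICE_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".ppt", ".pptx", ".rtf")


def addr_domain(header_value):
    """Domain part of the first address in a header value, '' if absent."""
    _name, addr = email.utils.parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def classify_attachment(part):
    """Describe one MIME attachment: name, container type, whether it is Office."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    container = None
    if data.startswith(OLE2_MAGIC):
        container = "ole2"
    elif data.startswith(ZIP_MAGIC):
        container = "zip"
    by_name = name.endswith(OFFICE_EXTS)
    # An OLE2 body is an Office file whatever the filename claims; a zip body
    # is only treated as Office when the name says so (otherwise it is a plain zip).
    is_office = container == "ole2" or (by_name and container in (None, "zip"))
    # A renamed payload (e.g. "report.pdf" carrying OLE2 bytes) is a lure tell.
    masquerade = container == "ole2" and not by_name
    return {"name": name, "container": container, "office": is_office,
            "masquerade": masquerade}


def triage(raw_message):
    """Triage one raw RFC 5322 message; returns the findings and a verdict."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    from_domain = addr_domain(msg["From"])
    reply_domain = addr_domain(msg["Reply-To"])
    envelope_domain = addr_domain(msg["Return-Path"])
    findings = {
        # Replies silently diverted to a domain the displayed sender does not control.
        "reply_to_mismatch": bool(reply_domain) and reply_domain != from_domain,
        # Envelope sender differs from the visible From: the classic spoof tell.
        "envelope_mismatch": bool(envelope_domain) and envelope_domain != from_domain,
        "office_attachments": [],
        "masquerade": False,
    }
    for part in msg.iter_attachments():
        info = classify_attachment(part)
        if info["office"]:
            findings["office_attachments"].append(info["name"])
        findings["masquerade"] = findings["masquerade"] or info["masquerade"]
    spoof_signal = findings["reply_to_mismatch"] or findings["envelope_mismatch"]
    if findings["office_attachments"] and (spoof_signal or findings["masquerade"]):
        findings["verdict"] = "quarantine"   # Office lure plus a sender-spoof tell
    elif findings["office_attachments"]:
        findings["verdict"] = "review"       # Office attachment, sender looks clean
    else:
        findings["verdict"] = "deliver"
    return findings


def build_sample(spoofed=True):
    """Constructed sample mail for this example (not a real ModifiedElephant message)."""
    m = EmailMessage()
    m["From"] = "A Colleague <colleague@trusted-ngo.example>"
    m["To"] = "target@example.org"
    m["Subject"] = "Invitation letter"
    m.set_content("Please find the invitation attached.")
    if spoofed:
        # Visible sender is the trusted NGO, but replies and bounces go elsewhere
        # and the attachment is a (stub) legacy Office document.
        m["Reply-To"] = "colleague@mail-relay.example"
        m["Return-Path"] = "<bounce@mail-relay.example>"
        m.add_attachment(OLE2_MAGIC + b"\x00" * 32, maintype="application",
                         subtype="msword", filename="Invitation.doc")
    else:
        m["Return-Path"] = "<colleague@trusted-ngo.example>"
        m.add_attachment(b"%PDF-1.4\n", maintype="application",
                         subtype="pdf", filename="Invitation.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample(spoofed=True))["verdict"])   # quarantine
    print(triage(build_sample(spoofed=False))["verdict"])  # deliver
```

The "review" verdict is deliberate: the page's own advice is to stay suspicious of attachments from known senders too, so an Office document with no spoofing tell is still held for a human look rather than delivered silently.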


What does ModifiedElephant do to its victims’ devices?

  • It obtains remote access to and unrestricted control of victims’ devices.
  • NetWire and DarkComet, two commodity remote access trojans (RATs) that are publicly available rather than custom-built, were the primary malware families deployed by ModifiedElephant.
    • NetWire is a RAT whose capabilities centre on password stealing, keylogging and remote control of the infected machine.
    • DarkComet is another RAT that gives the operator full control of the victim's system through a point-and-click graphical user interface.


How to protect devices from ModifiedElephant?

  • Enable multi-factor authentication (MFA) so that your own and your associates' email and other accounts are not compromised in the first place; a compromised contact's mailbox is exactly what makes a spearphishing email look trusted.
  • Educate people about the dangers of cyberattacks such as spearphishing, and ensure they remain suspicious of unexpected attachments whether the email comes from an unknown or a known source.
  • Encrypt files before sending them over the internet. Attackers often reuse legitimate documents to trick their targets into downloading files that carry a malware payload; if they cannot read intercepted documents in the first place, they cannot repackage them with malware.
  • Be alert to your own digital behaviour: confirm unexpected attachments with the sender through another channel before opening them.


https://indianexpress.com/article/explained/explained-what-we-know-of-hacking-group-modifiedelephant-7770228/