A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.”
Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests.
“ModifiedElephant operates through the use of commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry,” the researchers said. “The threat actor uses spear-phishing with malicious documents to deliver malware, such as NetWire, DarkComet, and simple keyloggers.”
The primary goal of ModifiedElephant is to facilitate long-term surveillance of targeted individuals, ultimately leading to the delivery of “evidence” on the victims’ compromised systems with the goal of framing and incarcerating vulnerable opponents.
images from Hacker News