Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers


A previously unknown hacking group has been linked to targeted attacks across India against human rights activists, human rights defenders, academics, and lawyers, carried out in order to plant “incriminating digital evidence” on the victims’ devices.

SentinelOne, a cybersecurity firm, attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that has been active since at least 2012 and whose operations closely align with Indian state interests.


“ModifiedElephant uses commercially accessible remote access trojans (RATs) and may have ties to the commercial spying industry,” according to the researchers. “To transmit malware like NetWire, DarkComet, and simple keyloggers, the threat actor leverages spear-phishing using infected documents.”

ModifiedElephant’s main goal is to enable long-term surveillance of targeted individuals, culminating in the delivery of fabricated “evidence” to the victims’ compromised systems so that vulnerable opponents can be framed and imprisoned.

Individuals linked to the 2018 Bhima Koregaon incident in the Indian state of Maharashtra are among the notable targets, according to SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade.


The attack chains involve infecting targets — some of whom are infected multiple times in a single day — with spear-phishing emails containing malicious Microsoft Office document attachments or links to externally hosted files that are weaponized with malware capable of taking control of victim machines.

“The phishing emails use a variety of techniques to appear legitimate,” the researchers stated. “This includes fake body content with a forwarding history containing long lists of recipients, original email recipient lists with many seemingly fake accounts, or simply resending their malware multiple times using new emails or lure documents.”
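The lure tradecraft in the two paragraphs above (Office attachments or links to externally hosted documents, padded recipient lists, a fake forwarding history, the same lure resent several times in one day) maps directly onto mail-triage heuristics. The script below is an added example written for this page, not SentinelOne’s tooling or anything recovered from the campaign; it uses only the Python standard library. The sender, recipient addresses, file names and the synthetic attachments are constructed, the 10-address threshold is an assumption, and the attachment checks (the OLE magic bytes of a legacy Office file, a vbaProject.bin entry inside an OOXML zip) are generic macro indicators rather than signatures for this actor.

```python
import hashlib
import io
import re
import zipfile
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime, getaddresses, parseaddr, parsedate_to_datetime

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary Office (CFB) header
OFFICE_EXT = (".doc", ".docm", ".docx", ".dot", ".rtf", ".xls", ".xlsm", ".ppt", ".pptx")
URL_RE = re.compile(r"https?://\S+", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
FORWARD_MARKERS = ("-----Original Message-----", "---------- Forwarded message ---------")
MASS_RECIPIENTS = 10   # assumed threshold for a "long list of recipients"; tune per environment

def attachment_findings(part):
    """Risk indicators for one MIME attachment part."""
    findings = set()
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    if name.endswith(OFFICE_EXT):
        findings.add("office-attachment")
    if data.startswith(OLE_MAGIC):
        findings.add("ole-container")             # .doc/.xls container that can embed VBA
    if data.startswith(b"PK"):                    # OOXML is a zip; vbaProject.bin means macros
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    findings.add("ooxml-macro")
        except zipfile.BadZipFile:
            pass
    return findings

def message_findings(msg):
    """Lure indicators for one parsed EmailMessage (policy=email.policy.default)."""
    findings = set()
    rcpts = getaddresses([str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])])
    if len(rcpts) >= MASS_RECIPIENTS:
        findings.add("mass-recipient-list")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if any(m in text for m in FORWARD_MARKERS) and len(EMAIL_RE.findall(text)) >= MASS_RECIPIENTS:
        findings.add("forwarded-history-lure")    # fake forwarding chain padded with addresses
    if any(u.rstrip(".,;)").lower().endswith(OFFICE_EXT) for u in URL_RE.findall(text)):
        findings.add("external-office-link")      # document hosted outside the mail itself
    for part in msg.iter_attachments():
        findings |= attachment_findings(part)
    return findings

def repeat_deliveries(messages, window=timedelta(hours=24)):
    """(sender, recipient, sha256) triples whose attachment arrived more than once inside `window`."""
    seen, flagged = defaultdict(list), set()
    for msg in messages:
        when = parsedate_to_datetime(str(msg["Date"]))
        sender = parseaddr(str(msg["From"]))[1].lower()
        rcpts = [a.lower() for _, a in getaddresses([str(v) for v in msg.get_all("To", [])])]
        for part in msg.iter_attachments():
            digest = hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
            for rcpt in rcpts:
                key = (sender, rcpt, digest)
                if any(abs(when - t) <= window for t in seen[key]):
                    flagged.add(key)
                seen[key].append(when)
    return flagged

def build_message(to, body, attachment=None, hours=0):
    """Constructed sample mail from a hypothetical sender; `attachment` is (filename, bytes)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "press-desk@example.org", to, "Invitation"
    msg["Date"] = format_datetime(datetime(2021, 1, 1, 9, tzinfo=timezone.utc) + timedelta(hours=hours))
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment[1], maintype="application", subtype="octet-stream", filename=attachment[0])
    return msg

def fake_docm():
    """Synthetic OOXML zip carrying a vbaProject.bin entry; the entry is zero bytes, not a real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00" * 32)
    return buf.getvalue()

DOCM = fake_docm()   # built once so both "sends" carry an identical hash
PADDED_TO = ", ".join(["target@example.org"] + [f"user{i}@example.org" for i in range(11)])
FORWARD_BODY = "---------- Forwarded message ---------\nTo: " + PADDED_TO + "\n\nPlease see the attached invitation."
SAMPLES = {   # constructed messages, not campaign samples
    "benign": build_message("target@example.org", "Agenda attached.", ("agenda.pdf", b"%PDF-1.4 fake")),
    "macro_lure": build_message(PADDED_TO, FORWARD_BODY, ("Invitation.docm", DOCM)),
    "macro_lure_resent": build_message(PADDED_TO, FORWARD_BODY, ("Invitation.docm", DOCM), hours=3),
    "link_lure": build_message("target@example.org", "Read http://files.example.net/statement.doc today."),
    "ole_lure": build_message("target@example.org", "See attached.", ("report.doc", OLE_MAGIC + b"\x00" * 64)),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:18} {sorted(message_findings(msg))}")
    print("repeat deliveries within 24h:", len(repeat_deliveries(SAMPLES.values())))
```

To run this over real mail, parse each file with `email.message_from_binary_file(f, policy=email.policy.default)` and pass the resulting messages to the same two functions. The findings are triage scores, not verdicts: a legitimate newsletter trips the recipient-count check, and a macro-free Office document is still a frequent social-engineering carrier, so the useful signal is the combination of an Office lure, a padded or faked recipient list, and the same attachment hash reaching the same mailbox twice within a day.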


An unnamed commodity Android trojan is also delivered via the phishing emails; it lets the attackers intercept and manage SMS and call data, wipe or unlock the device, perform network requests, and remotely administer infected devices. SentinelOne describes it as an “excellent low-cost mobile surveillance toolbox.”


“Due to their narrow scope of operations, the humdrum nature of their tools, and their regionally focused targeting, this actor has operated for years, eluding study attention and identification,” the researchers said.

