Sunday, May 19, 2024
HomeCyber CrimeHackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

In an attempt to plant “incriminating digital evidence,” a hitherto unknown hacking gang has been linked to targeted attacks across India against human rights activists, human rights defenders, academics, and attorneys.

SentinelOne, a cybersecurity firm, ascribed the breaches to a group known as “ModifiedElephant,” an elusive threat actor that has been active since at least 2012 and whose activities are closely aligned with Indian state interests.


“ModifiedElephant uses commercially accessible remote access trojans (RATs) and may have ties to the commercial spying industry,” according to the researchers. “To transmit malware like NetWire, DarkComet, and simple keyloggers, the threat actor leverages spear-phishing using infected documents.”

ModifiedElephant’s main purpose is to make long-term surveillance of targeted individuals easier, eventually leading to the distribution of “evidence” on the victims’ compromised systems in order to frame and imprison susceptible opponents.

Individuals linked to the 2018 Bhima Koregaon incident in the Indian state of Maharashtra are among the notable targets, according to SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade.


The attack chains involve infecting targets — some of whom are infected multiple times in a single day — with spear-phishing emails containing malicious Microsoft Office document attachments or links to externally hosted files that are weaponized with malware capable of taking control of victim machines.

“The phishing emails use a variety of techniques to appear legitimate,” the researchers stated. “This includes resending their malware multiple times using new emails or lure documents, or sending fake body content with a forwarding history containing long lists of recipients, original email recipient lists with many seemingly fake accounts, or simply resending their malware multiple times using new emails or lure documents.”


An undisclosed commodity trojan targeting Android that allows attackers to intercept and handle SMS and call data, wipe or unlock the device, conduct network requests, and remotely administrate affected devices is also delivered via phishing emails. It’s described as a “excellent low-cost mobile surveillance toolbox” by SentinelOne.


“Due to their narrow scope of operations, the humdrum nature of their tools, and their regionally focused targeting, this actor has operated for years, eluding study attention and identification,” the researchers said.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us