Hackers Targeted Indian Activists and Lawyers with Fake Digital Evidence Planting.

Short News:- 

According to SentinelOne researchers, the group tracked as "ModifiedElephant" appears to be closely aligned with Indian state interests. The hackers infect their targets with malware such as NetWire, DarkComet, and simple keyloggers. Targets include people who were involved in the 2018 Bhima Koregaon violence in the Indian state of Maharashtra.


Detailed News:- 

Human rights activists, human rights defenders, academics, and lawyers across India have been targeted by an unknown hacking group in an attempt to plant "incriminating digital evidence."


It's believed that the attacks were carried out by a group known as "ModifiedElephant," which has been active since at least 2012 and appears to be closely aligned with Indian state interests.


ModifiedElephant uses commercially available remote access trojans (RATs) and may be linked to the commercial surveillance industry, according to the findings. In order to spread malware like NetWire, DarkComet, and simple keyloggers, the threat actor employs spear-phishing and malicious documents.


ModifiedElephant's primary goal is the delivery of "evidence" onto the compromised systems of targeted individuals, in the hope that vulnerable opponents will be framed and imprisoned as a result.


SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade said in a report that prominent targets include those involved in the 2018 Bhima Koregaon violence in the Indian state of Maharashtra.


The attack chains infect the targets, some of them multiple times in a single day, using spear-phishing emails that contain malicious Microsoft Office document attachments or links to externally hosted files weaponized with malware capable of taking control of victim machines.


The researchers said that phishing emails employ a variety of techniques to appear legitimate. Examples include fake body content with a forwarding history containing long lists of recipients, original email recipient lists with many seemingly fake accounts, or simply resending the malware multiple times using new emails or lure documents.


Unidentified Android trojans are also distributed via phishing emails, allowing hackers to intercept and manage text messages, wipe or unlock the device, and perform network requests. The infected devices can also be remotely administered. SentinelOne describes this as an "ideal low-cost mobile surveillance toolkit."


According to researchers, "this actor has been operating for years, evading research attention and detection due to their limited scope of operations; the mundane nature of the tools they use; and their regionally-specific targeting."
