Fake Digital Evidences on Devices of Activists and Lawyer are planted by Hackers
Introduction
All over the world cybercrime has challenged national security system. In the last five years, there has been a tremendous increase of 67% in the incident of security breaches worldwide. Most of the security breach happens through malicious activity like ransomware, phishing etc.. American cyber security company Sentinel One has identified a malicious hacking group that targets the critics of Modi’s government, including Rona Wilson.
Sentinel One has identified a hacking tool that is used to plant fabricated digital evidence on the target’s device and named it as “Modified Elephant . Most of the victims of this malicious activity are India-based human rights activists, human right defenders, academics and lawyers. It is likely connected with to another older group that has typically targeted India’s adversaries like China and Pakistan with cyber espionage.
The report implies that the network has been in action since 2012, whose activity aligns sharply with Indian state interests. It is one of the most serious cases of ‘evidence tempering’ that the firm had ever seen.
How the attack spread?
ModifiedElephant operators have been infecting their targets using spear-phishing emails with malicious file attachments over the last decades, with their techniques getting more sophisticated over time. Spear-phishing means the practice of sending emails to targets that look like they are coming from a trusted source to either reveal important information or install different kinds of malware on their computer systems.
How ModifiedElephant hacks targets?
It typically weaponises malicious Microsoft Office files to deliver malware to their targets through Netwire, DarkComet and simple key loggers.
The primary goal is to facilitate long term surveillance of targeted individuals, ultimately leading to the delivery of “evidence” on the victims’ compromised systems with the goal of framing and incarcerating vulnerable opponents.
According to SentinelOne, Netwire and DarkComet are two publicly- available remote access Trojans (RATs), were the primary malware families deployed by ModifiedElephant.
Netwire focuses on stealing password, keylogging and remote control capabilities. Since 2012, it is used and typically distributed through social engineering campaigns.
DarkComet is that can take control of user’s system by using convenient GUI. It is developed in 2008 by French infosec programmer to spy on victims using screen captures, key-logging or password stealing.
Along with Netwire and DarkCommet ModifiedElephant sent android malware to its victims. Through this malware, the attacker gets full coverage on the target across device.
Remedies:
As we know, prevention is better than cure. To avoid this type of attack we should follow some measures:
- Monitoring of network can also be a good way to detect any Trojan over the internet.
- Disable Remote Assistance connection of the system.
- Keep the operating system, installed software and particularly security programs always updated.
- Always implement two-factor authentication.
- Use an alternate keyboard to avoid keylogging.
- Always be careful while clicking on the popup ads.
- If anybody receives a suspicious email or message change the phone number immediately.