Hackers planted fraudulent digital evidence on the phones and computers of Indian activists and lawyers.
SentinelOne, a cybersecurity firm, ascribed the breaches to a group known as "ModifiedElephant," an elusive threat actor that has been active since at least 2012 and whose activities are closely aligned with Indian state goals. "ModifiedElephant uses commercially accessible remote access trojans (RATs) and may have connections to the commercial spying business," according to the researchers. "To transmit malware like NetWire, DarkComet, and basic keyloggers, the threat actor leverages spear-phishing using infected documents." The attack chains involve infecting targets — some of whom are infected multiple times in a single day — with spear-phishing emails containing malicious Microsoft Office document attachments or links to externally hosted files that are weaponized with malware capable of taking control of victim machines.