Modified Elephant is the name given by SentinelOne to a long-running threat actor that allegedly planted incriminating files on the personal devices of Indian journalists, lawyers, human rights activists and academics who had publicly expressed views on politically sensitive topics. The group has been operating since at least 2012 and has returned to the same individuals repeatedly over the years.
Modified Elephant was brought to public attention by SentinelOne, an American cybersecurity firm, building on forensic work by Arsenal Consulting. The campaign came to light through the Bhima Koregaon case: after clashes between critics and supporters of the government at Bhima Koregaon, Maharashtra, in 2018, several activists were arrested on the basis of files found on their computers, including a letter that allegedly discussed a plot against Prime Minister Narendra Modi. Later forensic analysis concluded that these files had been delivered to the devices by malware rather than created by their owners.
Modified Elephant Working Process
The group introduces malware onto the personal devices of the targets described above in order to gain remote access and harvest sensitive information. Initial access is by spear-phishing: counterfeit emails tailored to a specific recipient or small group, carrying content the recipient is likely to care about (activism news, event invitations, political developments) together with a malicious attachment or link. Unlike mass phishing, each message is narrowly targeted, which is what makes the lures convincing.
Modified Elephant typically weaponises Microsoft Office files to deliver its malware. The delivery technique has changed over time:
- In mid-2013, the attackers used executable files with fake double extensions such as filename.pdf.exe, relying on Windows hiding the final extension.
- After 2015, they switched to less conspicuous malicious document files that hide the malware's behaviour, including .doc, .docx, .pps and .rar attachments.
- In 2019, operators emailed links to files hosted externally instead of attaching them.
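The three lure styles above can be caught at the mail gateway with simple structural checks, before any signature matching. The following triage script is an added example written for this page, not code from SentinelOne, Arsenal Consulting or the original article; the function and sample names (assess_attachment, triage, the SAMPLES dictionary), the extension lists and the sample attachments are all constructed assumptions. It flags a document-looking name with an executable outer extension, a file whose bytes are a Windows executable regardless of its name, a modern Office file carrying a VBA project, and a legacy OLE document that needs manual review.

```python
"""Triage email attachments for the delivery tricks described above.

Constructed example: not code from SentinelOne, Arsenal Consulting or the
original page. The rules and sample files are assumptions chosen to
illustrate each lure style (fake double extension, executable disguised
as a document, macro-enabled OOXML, legacy OLE binary document).
"""
import io
import zipfile
from pathlib import PurePosixPath

# Extension sets are an assumption; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pps", ".pptx", ".rtf", ".txt"}
# OOXML parts that hold a VBA project (Word, Excel, PowerPoint).
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")

PE_MAGIC = b"MZ"                                   # Windows executable
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy .doc/.xls/.pps container
ZIP_MAGIC = b"PK\x03\x04"                          # .docx/.xlsx/.pptx are ZIP files


def assess_attachment(filename: str, data: bytes) -> list:
    """Return a list of risk flags for one attachment (empty list = nothing found)."""
    flags = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    last = suffixes[-1] if suffixes else ""

    # 1. Fake double extension such as minutes.pdf.exe: a document-looking
    #    inner extension followed by an executable outer extension.
    if last in EXECUTABLE_EXTS and any(s in DOCUMENT_EXTS for s in suffixes[:-1]):
        flags.append("double_extension")

    # 2. The bytes are a PE executable but the name does not say so.
    if data.startswith(PE_MAGIC) and last not in EXECUTABLE_EXTS:
        flags.append("executable_disguised_as_document")

    # 3. Modern Office file: open the ZIP and look for an embedded VBA project.
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
            if any(part in names for part in MACRO_PARTS):
                flags.append("ooxml_macro")
        except zipfile.BadZipFile:
            flags.append("corrupt_zip")

    # 4. Legacy binary Office container: opaque without an OLE parser, and the
    #    format the 2015-era .doc/.pps lures used, so surface it for review.
    if data.startswith(OLE_MAGIC):
        flags.append("legacy_ole_document")

    return flags


def build_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed .docx/.docm-style ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments, one per lure style (these are not real lures).
SAMPLES = {
    "Event Minutes.pdf.exe": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
    "agenda.docx": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
    "invite.docm": build_ooxml(with_macro=True),
    "notes.doc": OLE_MAGIC + b"\x00" * 60,
    "clean.docx": build_ooxml(with_macro=False),
}


def triage(samples: dict) -> dict:
    """Run assess_attachment over every sample and keep only the flagged ones."""
    return {name: flags for name, flags in
            ((n, assess_attachment(n, d)) for n, d in samples.items()) if flags}


if __name__ == "__main__":
    for name, flags in triage(SAMPLES).items():
        print(f"{name}: {', '.join(flags)}")
```

The check on file bytes matters more than the check on the name: the double-extension trick only works because the client displays the name, so a gateway that trusts the name is fooled the same way the user is. The 2019 shift to externally hosted links defeats attachment scanning entirely, which is why link rewriting and download-time scanning belong alongside this kind of check.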
Modified Elephant on Victims' Devices
Once a target opens the lure, Modified Elephant installs commodity remote access trojans (RATs) and keyloggers rather than custom-built malware. The tools observed are:
- NetWire: a commercially sold RAT with keylogging, password stealing and full remote-control capabilities; in the Bhima Koregaon case it is the implant that Arsenal Consulting found had been used to deliver the planted files.
- DarkComet: a freely available RAT controlled through a graphical user interface, used to spy on victims through password stealing, screen captures and keylogging.
- Simple keyloggers: minimal malware installed without the user's knowledge that records keystrokes to capture login credentials and other typed data.
Modified Elephant - Safeguard Against Threats
On the individual front, protecting oneself against an operator with this much patience and tooling is difficult, but the following measures raise the cost of an attack and limit the damage when one succeeds:
- Use multi-factor authentication on email and cloud accounts, so that credentials captured by a keylogger are not enough on their own to take over the account.
- Verify the sender and the real destination of a link before clicking, and do not open unexpected attachments or enable macros in them, even when the subject matter is relevant to your work; that relevance is exactly what the lure relies on.
- Educate colleagues about spear-phishing and encourage scepticism toward files and links from unknown or unverified sources.
- Do not trust pop-up windows that ask you to download or install software.
Because commodity RATs and phishing kits are easy to obtain, anyone can be on the receiving end of a campaign like this, and sustained vigilance is the only individual-level defence. The Modified Elephant case is notable for the patience of its operators, who maintained access for years in order to plant files on targets chosen for their political views and activism.
FAQs on Modified Elephant
Q.1. What is the objective of the Modified Elephant group?
Long-term surveillance of selected targets, culminating in the delivery of 'evidence': files planted on the victim's device that incriminate the target in specific crimes.
Q.2. Is the Modified Elephant group still active?
Modified Elephant is believed to still be active, and the people behind it have not been publicly identified.
Q.3. What are the spearphishing emails sent by the Modified Elephant generally based on?
The emails and lure attachments are titled around topics relevant to the target: activism news and groups, global and local events, climate change, politics and public service.
Q.4. Since when has Modified Elephant been working?
Modified Elephant has been active since 2012.
Q.5. Which two firms identified Modified Elephant?
SentinelOne, an American cybersecurity firm, and Arsenal Consulting, a computer forensics and information security services firm, are the two firms that identified Modified Elephant.