Monday, January 13, 2025
HomeCyber Security NewsModifiedElephant APT Hacker Group Remain Secret For Years Using Advanced Sophisticated Techniques

ModifiedElephant APT Hacker Group Remain Secret For Years Using Advanced Sophisticated Techniques

Published on

It’s been reported recently that the ModifiedElephant APT Hacker group remains secret for years using advanced sophisticated techniques. And the cybersecurity researchers of SentinelLabs have asserted these specified details regarding the advanced persistent threat (APT) actor group ModifiedElephant.

However, they have been implementing their techniques and conducting different attacks for a decade. The threat actors of this group used tactics that generally allowed it to operate in utmost secrecy.

And all this is being done by the threat actors outwardly connecting the dots of the cybersecurity companies during their attack.

Targets & Objectives of ModifiedElephant 

The main objective of this threat group ModifiedElephant is very long-term surveillance. However, this implements a delivery of evidence that is a file that incriminates all the targeted crimes.

That’s why the analysts have done proper research and found that this threat group has targeted hundreds of groups and individuals. This includes:-

  • Journalists
  • Human rights defenders
  • Activists
  • Law professionals from India

Campaigns

As we said above that this threat group has been conducting several attacks over a decade, and for this reason only we have mentioned some of the campaigns that have been operated as well as conducted by the ModifiedElephant:-

  • In the year 2013, with the motive to drop malware, the threat actors of this group have used emails attachment along with the fake double extensions.
  • In the year 2015, the threat actors of this group moved to password-protected RAR attachments that initially contained legitimate lure documents.
  • In the year 2019, the operators of this group started hosting malware-dropping sites, and not only this, but they also abused the cloud hosting service. 
  • In the year 2020, the operators have used 300 Mb files of RAR with the motive of evading detection just by skipping scans.

Attacker’s toolkit

After having a proper investigation, the experts have claimed that they had not found any link that would say that the operators had been using any backdoor.

Due to this, we can say that the threat actors have not used any custom backdoors in any of their operations. And the malware that has been found in the campaigns are:- 

  • NetWire
  • DarkComet

However, these Trojans are publicly available and are being used by several threat actors.

Attribution

While the ModifiedElephant hacker group has been on the radar for a very long time, the security analysts are trying to find all the key links, and therefore they took it as a challenge.

Till now, ModifiedElephant has aligned itself with the Indian State interests, and not only this but it has been noted that there is a correlation between ModifiedElephant attacks and the arrest of individuals in different politically charged cases.

This kind of threat attack is very unsudden, and one must stay alert so that this kind of threat group cannot implement their planned operation.

Moreover, the experts have detected all the possible key links, and they are still searching, as there are still many questions regarding these threat actors and their operations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...