Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

Parv Kohli

February 3, 2022

Recently human rights activists, human rights defenders, academics, and lawyers across India have fallen prey to targeted attacks by a previously unknown hacking group. 'SentinelOne,' a cybersecurity firm, has attributed the intrusions to a group it tracks as "ModifiedElephant," which has been acting as a threat since 2012. ModifiedElephant's primary purpose is to make long-term surveillance of targeted individuals easier, eventually leading to the distribution of "evidence" on the victims' compromised systems to frame and incarcerate vulnerable opponents. SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade said in a report that a few of this group's targets include individuals involved with the renowned case of 2018 Bhima Koregaon violence in Maharashtra. The group uses spear-phishing emails to infect its victims and uses attack chains that lead them to files or links that are weaponized with malware capable of taking control of victim machines. The group operates using commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry. Also distributed using phishing emails is an unidentified commodity trojan targeting Android that enables the attackers to intercept and manage SMS and call data, wipe or unlock the device, perform network requests, and remotely administer the infected devices. SentinelOne characterized it as an "ideal low-cost mobile surveillance toolkit." Using the phishing emails, ModifiedElepehant also distributes an unidentified commodity trojan that targets androids, enabling the attacks to intercept and message SMS and call data and giving them access to wipe or unlock the device. Sentinel One has characterized it as an "ideal low-cost mobile surveillance toolkit."

Abridged fromThe Hacker News