Indian hacker group Baby Elephant hits defence authorities in South Asia


A new Delhi-based threat group reportedly strikes government agencies and defence departments of countries within South Asia, including China and Pakistan. The report’s analysis is based on malicious attacks by a threat group dubbed “You Xiang”, which translates to “Baby Elephant”, that targets the tech and equipment sector. The study also exposed the threat actors who hide behind screens.


The Baby Elephant group was first detected back in 2017 when multiple large-scale targeted cyberattacks were recorded against the government and defence departments in countries within South Asia.


The analysis also showed that the Baby Elephant threat group is based in Delhi, India, and is different from the “White Elephant” group.

Initially, although the threat group had its own independent attack tools and resources, its attacks were considered basic. Experts added that the group might be a newly launched threat group with underdeveloped technical skills, hence the name Baby Elephant.

Since its launch in 2017, Baby Elephant has gradually stepped up its attack activity, doubling it each year. Its resources and attack methods have also become richer and more advanced, to the point that it started attacking more areas within South Asia.

This year, the threat group started attacking Chinese institutions through cyber espionage.

The malicious activities attributed to the threat group include planting malware on mobile phones through third-party Android apps, setting up phishing sites, and writing trojans in languages like Python to steal confidential information, passwords, and other data from victims’ devices.

In one recorded attack, the Baby Elephant group impersonated the mail systems of the Nepalese army and government to launch targeted attacks and steal email accounts for use in further cyberattacks.

The report’s analysis highlighted how the threat group exposed its location when it uploaded one of its trojans to a public security resource in an attempt to test the trojan's ability to evade anti-virus tools. Data retrieved from the security resource revealed one uploader located in Delhi, India, who uploaded eight test trojans on November 23 and 24, 2020. Experts said that the uploaded trojans share code similarities with those from Baby Elephant.

As of writing, the Baby Elephant threat group has become one of the most active groups in India posing threats to South Asia and Asia-Pacific territories.
