Researchers have finally concluded their analysis of the tactics, techniques and procedures (TTPs) that the ModifiedElephant APT group used to operate in secrecy, unnoticed by security organisations, for more than ten years.
The ModifiedElephant advanced persistent threat group is behind targeted attacks against human rights defenders, activists, academic institutions, and India-based lawyers. The group's objective is to plant incriminating digital evidence in order to further its own interests.
Furthermore, the group's campaigns were politically driven and tailored to each target. In several cases, the threat actors delivered malicious document attachments that exploited flaws such as CVE-2014-1761, CVE-2012-0158, CVE-2015-1641, and CVE-2013-3906.
Some infrastructure overlaps across the APT group's multiple campaigns over six years. The consistency of the deployed malware indicates a connection between ModifiedElephant and other groups.
The researchers also make the notable claim that the Indian government is sponsoring ModifiedElephant. Given the group's target selection, it is likely that this theory is correct, since the APT group's attacks have aligned well with the Indian state's interests.
ModifiedElephant's delivery vector appears to be its own, since researchers have not found any other group that uses the same technique.
Other reports revealed that the APT group has not been linked to any custom-developed backdoor. This suggests that the group may not be technically sophisticated, even though it is sponsored.
Experts believe that the group uses readily available trojans and distributes them through spear-phishing campaigns to spread keyloggers, remote access trojans (RATs), Android malware strains, and DarkComet malware.
The ModifiedElephant APT group has been operating for about a decade without being detected by cybersecurity solutions. The group's longevity illustrates the risk such a threat group poses, and it suggests that other groups may be operating under the noses of security providers.