techno.rentetan.com – A cybercrime gang infamous for installing damning data on the gadgets of Indian activists has been revealed in a new research. This secretive cyber outfit has been targeting individuals in India for the better part of a decade utilizing its digital skills to plant fake proof of criminal conduct on their gadgets. A pretext for the arrest of the victims was supplied by the use of fabricated evidence.
Security company Sentinel One has released a new study this week that sheds light on how the gang uses digital dirty tricks to target “human rights activists, human right defenders, professors, and attorneys” in India.
The organization, called “ModifiedElephant” by academics, is mostly concerned with espionage, although it does interfere to seem to implicate its targets for criminal activity. According to a statement by researchers,
The goal of ModifiedElephant is long-term monitoring that at times ends with the transmission of ‘evidence’—files that accuse the target in particular crimes—before neatly synchronized arrests are made.
One of the most well-known cases of Elephant is Maoist leader Rona Wilson and a number of his colleagues who were detained by Indian security agencies in 2018 and charged of conspiring to topple the government. Wilson’s laptop had evidence of the alleged conspiracy, including a word document describing intentions to kill the country’s prime leader, Narendra Modi. As it turned out, the papers were phony and had been put on the device using malware. Sentinel researchers believe that Elephant is responsible for their current location.
A digital forensics company, Boston-based Arsenal Consulting, evaluated the laptop in question and blew the case wide open, making it more widely known. In the end, Arsenal found that Wilson and all of his alleged co-conspirators, as well as many other activists, had been targeted with digital manipulation. The business went into detail about the scope of the infiltration in a report:
We have established that Mr. Wilson’s computer was attacked and compromised for 22 months by the same attacker who also targeted his co-defendants and other high-profile Indian criminal defendants in the Bhima Koregaon case and other high-profile Indian cases over the course of approximately four years.
How did the cybercriminals get their hands on the papers in the first instance?
Hacking methods and tactics are used by Elephant to get access to victims’ systems, according to Sentinel One’s study on Elephant. RATs (remote access tools) are easy-to-use apps accessible on the dark web that can take control of computers. Elephant has been found to employ two well-known brands, DarkComet and Netwire. The RAT gives Elephant complete access over the victim’s device, allowing them to covertly perform surveillance or, as in Wilson’s case, deploy bogus, damning papers, researchers write.
It’s all a little shady. It’s impossible to know for sure who “Elephant” is in the hacking community. Researchers, on the other hand, claim that there is enough evidence to demonstrate that the organization is acting in the “interests” of the Indian government:
A clear link exists between ModifiedElephant assaults and contentious, politically sensitive arrests. We believe this is because ModifiedElephant behavior is closely aligned with Indian state priorities.
It’s unfortunate that ModifiedElephant isn’t the only organization that’s been doing this. Baris Pehlivan, a Turkish journalist who was imprisoned for 19 months in 2016 after the Turkish government accused him of terrorism, is likely to have been targeted by a separate gang. Digital forensics eventually proved that the papers used to substantiate Pehlivan’s allegations had been planted, similar to those on Wilson’s laptop, later exposed.
Overall, it’s an unpleasant read. Sentinel One analysts note that “many doubts remain” concerning Elephant as a threat actor and their actions. Critics of authoritarian regimes across the globe, however, must be aware of their opponents’ ability to use advanced technology to suppress them.