A hacking group dubbed ‘ModifiedElephant’, described as an APT (advanced persistent threat) actor, has been carrying out malicious activity in secret for a decade, avoiding detection and correlation between attacks thanks to the methods it employs.
Bringing ‘ModifiedElephant’ Out of the Shadows
Researchers from SentinelLabs have recently published a report detailing the methods used by the ‘ModifiedElephant’ APT.
The threat actors typically deliver commonly available trojans through spear-phishing emails carrying malicious attachments that drop RATs (remote access trojans) such as NetWire and DarkComet, as well as keyloggers.
On several occasions, the attached files exploited CVE-2012-0158, CVE-2013-3906, CVE-2014-1761, and CVE-2015-1641 to execute the malware.
Reportedly, the campaigns’ lures are politically themed and frequently customized for the target.
The attackers have also used several techniques to make the emails appear legitimate.
These include fake body content with a forwarding history that lists many recipients, original recipient lists containing many seemingly fake accounts, or simply resending the malware multiple times with new emails or lure documents.
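As an added example (not code from SentinelLabs or from the article), the following Python script scores a raw email for the lure traits described above: an Office/RTF attachment of the file types that carried the exploits listed earlier, an unusually long recipient list, a forwarded history in the body, and many addresses quoted in that history. The thresholds, regular expressions and the two sample messages are constructed assumptions for this illustration, not indicators taken from the report.

```python
"""Score a raw email for the spear-phishing lure traits discussed above.

Added illustration, not SentinelLabs code. Thresholds, regexes and the
sample messages below are assumptions constructed for this example.
"""
import os
import re
from email import message_from_string
from email.message import Message
from email.utils import getaddresses

# File types that historically carried the Office/RTF exploits named in
# the article (CVE-2012-0158, CVE-2013-3906, CVE-2014-1761, CVE-2015-1641).
RISKY_EXTENSIONS = {".doc", ".docx", ".rtf", ".xls", ".xlsx", ".ppt", ".pptx"}

# Hypothetical thresholds; tune them to your own mail volume.
MAX_DIRECT_RECIPIENTS = 10
MAX_BODY_ADDRESSES = 5

ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# A "Forwarded message" banner or a quoted "From:" header line inside the body.
FORWARD_RE = re.compile(r"^\s*(-+\s*forwarded message\s*-+|from:\s*.+@.+)$", re.I | re.M)


def attachment_names(msg: Message) -> list:
    """Return the file names of every attached part."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def body_text(msg: Message) -> str:
    """Concatenate the decoded text/plain parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def score_lure(raw: str) -> dict:
    """Compute the lure indicators for one raw RFC 822 message."""
    msg = message_from_string(raw)
    risky = [n for n in attachment_names(msg)
             if os.path.splitext(n)[1].lower() in RISKY_EXTENSIONS]
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    body = body_text(msg)
    body_addresses = set(ADDRESS_RE.findall(body))
    forwarded = FORWARD_RE.search(body) is not None
    flags = [
        bool(risky),
        len(recipients) > MAX_DIRECT_RECIPIENTS,
        forwarded,
        len(body_addresses) > MAX_BODY_ADDRESSES,
    ]
    return {
        "risky_attachments": risky,
        "recipient_count": len(recipients),
        "forwarded_history": forwarded,
        "body_address_count": len(body_addresses),
        "score": sum(flags),  # 0 (no traits) .. 4 (all traits present)
    }


# Constructed sample: long recipient list, forwarded history, .doc attachment.
SAMPLE_EMAIL = """\
From: "Conference Desk" <desk@example.invalid>
To: a1@example.invalid, a2@example.invalid, a3@example.invalid, a4@example.invalid
Cc: a5@example.invalid, a6@example.invalid, a7@example.invalid, a8@example.invalid, a9@example.invalid, a10@example.invalid, a11@example.invalid
Subject: FW: FW: Urgent - statement for signature
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Please see the attached statement and sign by Friday.

---------- Forwarded message ----------
From: b1@example.invalid
To: b2@example.invalid, b3@example.invalid, b4@example.invalid, b5@example.invalid, b6@example.invalid

Forwarding as discussed.

--XYZ
Content-Type: application/msword; name="statement.doc"
Content-Disposition: attachment; filename="statement.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--XYZ--
"""

# Constructed benign sample: one recipient, no attachment, no quoted history.
BENIGN_EMAIL = """\
From: colleague@example.invalid
To: me@example.invalid
Subject: Lunch

Lunch at noon?
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, score_lure(raw))
```

The score is deliberately a plain count of independent traits so that an analyst can see which ones fired; in a real mail gateway the attachment check would be paired with content inspection of the document itself rather than relying on the extension alone.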
Researchers also shared in their report a sample email linked to this threat actor:
What’s interesting