In the last few years, cyber-crime has exploded. Hackers have been caught stealing millions of dollars worth of cryptocurrency, both professionally and recreationally. Last year, cyber crime even endangered human life by initiating multiple “killware” attacks, and these aren't the only forms of cyberattacks.
Over the past decade, a hacking group has been found framing people for crimes they didn't commit. Reported by cybersecurity firm Sentinel One, a single hacking group is responsible for the wrongful arrests of multiple high profile individuals.
The cybersecurity firm revealed that a single hacking group has been targeting multiple people across India for over ten years. Hackers used multiple tools to plant evidence on the computers of individuals which led to their arrest.
Targets for the group included “human rights activists, human rights defenders, academics, and lawyers”. The group would perform “surveillance” on targets before planting “files that incriminate the target in specific crimes”
One of ModifiedElephant's targets was activist Rona Wilson. The activist was arrested on suspicion of treason. Files were planted on Wilson's computer that made it appear like he was planning to overthrow governments. One file was a detailed plan to assassinate Prime Minister Narendra Modi.
The files were discovered to have been planted after analysis by forensics company Arsenal Consulting. Wilson's computer was found to have been compromised for around 22 months before being manipulated by the group.
How is ModifiedElephant hacking people?
Sentinel One explains that the hacks ModifiedElephant employ are not exactly new software packages. In fact, the tools used by the group were described as “unsophisticated and downright mundane”.
The group’s most favoured tools, NetWire and DarkComet, are both freely available tools found on the Dark Web. Sentinel One describes the tools as having a “long history of abuse by threat actors across the spectrum of skill and capability.”
What's most confusing is why ModifiedElephant is hacking people. The most likely theory is that the group is working with, or for, the Indian government. This is because there is “an observable correlation between ModifiedElephant attacks and the arrests of individuals in controversial, politically-charged cases.”
Sentinel One concludes that “critics of authoritarian governments around the world must carefully understand the technical capabilities of those who would seek to silence them.”