
Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail

Conference: Black Hat USA 2022

2022-08-11

Summary

The presentation discusses how an unscrupulous actor in India has used malware and phishing to target activists, and the human cost of those attacks. It focuses on the persistent attacks against one individual, Rona Wilson, and the various APT groups involved.
  • An unscrupulous actor in India has been using malware and phishing to target activists, at a human cost
  • The attacks against Rona Wilson have been persistent and involve multiple APT groups
  • The Arsenal reports provide insight into the evolution of the actor's techniques over the last decade
  • The evidence planted on Wilson's machine was used to incriminate him and resulted in his imprisonment
  • The attacks against Wilson have links to other Indian APT activity, including Operation Hangover and Pegasus
The presentation highlights the human cost of the attacks by mentioning the death of Jesuit human rights activist Stan Swamy in jail. The attacks against Wilson were persistent and shocking, even for experts in the field of APT groups. The planted evidence was used to incriminate Wilson and resulted in his imprisonment.

Abstract

It's easy to forget the human cost of state-sponsored threats operating with impunity. While we often think of espionage, intellectual property theft, or financial gain as the objectives of these cyber operations, there's a far more insidious motivation that flies under the radar: APTs fabricating evidence in order to frame and incarcerate vulnerable opponents. This talk focuses on the activities of ModifiedElephant, a threat actor operating for at least a decade with ties to the commercial surveillance industry. More importantly, we'll discuss how they've gone about incriminating activists who are locked up to this day despite forensic reports that show the evidence was planted. And if that's not concerning enough, we'll show how multiple regional threat actors were going after these same victims prior to their arrest. This cluster of activity represents a critically underreported dimension of how some governments are abusing technology to silence critics, and one that we hope will incense threat researchers into action.
