SentinelOne, an American cybersecurity company, recently reported that a hacking group it tracks as ModifiedElephant had planted incriminating evidence on the personal devices of Indian human rights activists and defenders, journalists, lawyers and academics. In this article, you will learn about the issue, what ModifiedElephant is and how it affects its victims' devices.
This article will help you in preparing such topics for the IAS exam, especially the mains exam, where a well-rounded understanding of a topic is a prerequisite for writing answers that fetch good marks. The topic falls under GS Paper-3 (Security).
What is the issue?
ModifiedElephant's operators infect their targets using spear-phishing emails with malicious file attachments, and have been doing so for about a decade. Over that time their techniques have become more sophisticated and harder to track.
- What is Spear Phishing?
Spear phishing is the practice of sending targeted emails, crafted to look as if they came from a trusted source, in order to trick the recipient into revealing sensitive information or installing malware on their computer.
- To deliver malware to its targets, ModifiedElephant weaponized Microsoft Office files: documents that carry a malicious payload, which typically runs when the recipient opens the file and enables its content. The specific method and payload used in these files have changed over the years.
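The two delivery tricks described above, a weaponized Office document and an attachment whose name disguises its real type, can both be caught before a user opens anything. The following is an added example written for this article, not code from the page or from the SentinelOne report: a mail-gateway style check that reads the attachment's first bytes, inspects an OOXML container for a VBA macro project, applies a byte-level heuristic for legacy OLE files, and flags double or mismatched extensions. The sample attachments it builds are constructed in memory and are not real malware; the file names and the verdict labels are assumptions made for the illustration.

```python
import io
import zipfile

# Magic bytes that identify the two Microsoft Office container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML .docx/.docm/.xlsx/... (ZIP container)

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs", "vbe", "hta", "lnk", "ps1"}
MACRO_FREE_EXTS = {"docx", "xlsx", "pptx"}          # by design these must not contain VBA
OFFICE_EXTS = MACRO_FREE_EXTS | {"docm", "xlsm", "pptm", "dotm", "xlam", "doc", "xls", "ppt", "dot"}


def _extensions(filename):
    """All dot-separated suffixes, lower-cased: 'photo.jpg.exe' -> ['jpg', 'exe']."""
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def ooxml_has_macros(data):
    """OOXML files are ZIP archives; VBA code is stored in a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(name.lower().endswith("vbaproject.bin") for name in archive.namelist())
    except zipfile.BadZipFile:
        return False


def ole_has_macros(data):
    """Heuristic for legacy OLE2 files: directory entry names are stored as UTF-16LE,
    so a VBA project leaves the stream names '_VBA_PROJECT' and 'Macros' in the raw
    bytes. A real parser (e.g. oletools) is the proper tool; this only scans bytes."""
    return any(marker.encode("utf-16-le") in data for marker in ("_VBA_PROJECT", "Macros"))


def assess_attachment(filename, data):
    """Return a verdict ('allow', 'review' or 'block') and the reasons behind it."""
    exts = _extensions(filename)
    ext = exts[-1] if exts else ""
    reasons, macros, block = [], False, False

    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment type .{ext}")
        block = True
        if len(exts) > 1:                      # e.g. photo.jpg.exe hides the real type
            reasons.append(f"double extension: {filename}")

    if data.startswith(ZIP_MAGIC):
        macros = ooxml_has_macros(data)
        if macros:
            reasons.append("OOXML document carries a VBA macro project")
            if ext in MACRO_FREE_EXTS:         # macros inside a .docx: the container was tampered with
                reasons.append(f"macro-free extension .{ext} but macros present")
                block = True
        if ext not in OFFICE_EXTS and ext != "zip":
            reasons.append(f"extension .{ext} does not match ZIP/OOXML content")
            block = True
    elif data.startswith(OLE_MAGIC):
        macros = ole_has_macros(data)
        if macros:
            reasons.append("legacy Office file contains VBA streams")
        if ext not in OFFICE_EXTS:
            reasons.append(f"extension .{ext} does not match OLE/Office content")
            block = True

    verdict = "block" if block else ("review" if reasons else "allow")
    return {"filename": filename, "macros": macros, "verdict": verdict, "reasons": reasons}


# --- constructed sample attachments (assumptions for this example, not real malware) ---
def build_ooxml_sample(with_macros):
    """Minimal OOXML container; a vbaProject.bin part stands in for a macro payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


OLE_MACRO_SAMPLE = OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 16
OLE_CLEAN_SAMPLE = OLE_MAGIC + b"\x00" * 64 + "WordDocument".encode("utf-16-le")

if __name__ == "__main__":
    samples = [
        ("quarterly_report.docx", build_ooxml_sample(False)),
        ("quarterly_report.docx", build_ooxml_sample(True)),
        ("court_notice.docm", build_ooxml_sample(True)),
        ("scan_2018.doc", OLE_MACRO_SAMPLE),
        ("photo.jpg.exe", b"MZ\x90\x00"),
    ]
    for name, blob in samples:
        result = assess_attachment(name, blob)
        print(f"{result['verdict']:6} {name}: {'; '.join(result['reasons']) or 'no findings'}")
```

The verdicts are deliberately conservative: a macro-enabled file with an honest `.docm` name is sent for review rather than blocked outright, because some organisations legitimately exchange them, whereas macros hidden inside a `.docx` or an executable behind a double extension are blocked, since no legitimate sender produces those.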
Who or what is ModifiedElephant?
ModifiedElephant has been operating for years. According to the report, the group works in a crowded target space in which several threat actors pursue the same victims. It evaded research attention and detection because of its limited scope of operations, the mundane nature of its tools and its regionally specific targeting of particular groups and individuals. The report also ties the group to the Bhima Koregaon case of 2018.
What does ModifiedElephant do to its victims’ devices?
- The group delivers its malware mostly through email attachments. ModifiedElephant has also sent Android malware to some of its victims.
- The two primary malware families deployed by ModifiedElephant are NetWire and DarkComet.
- NetWire and DarkComet are publicly available remote access trojans (RATs).
What are NetWire and DarkComet?
- NetWire: a RAT focused on password theft and keylogging, with remote-control capabilities.
- DarkComet: another RAT that gives the operator control of a victim's system through a convenient graphical user interface; it can spy on the user through screen captures, keylogging and password theft.
How to protect your devices from ModifiedElephant?
There is no bulletproof defence against such attacks at the individual level; suitable precautions, properly applied, can only reduce susceptibility to them.
- Use multi-factor authentication (MFA) to secure your own and your associates' email and other accounts. MFA requires a second factor in addition to the password, typically a one-time code generated by an authenticator app or hardware token, before a login is accepted. Since one weak link is enough to compromise the whole chain, MFA protects the link attackers exploit most often: a stolen or phished password.
- Educate those around you about the dangers of cyberattacks such as spear phishing, and treat attachments and links in email from known and unknown senders alike with suspicion; this vigilance is essential to defending against such attacks.
- Encrypt any file or document shared over the internet. Attackers often use stolen, legitimate documents to trick their targets into opening files that carry a malware payload; if they cannot read those documents, they cannot convincingly repackage them as lures. Encryption does not, however, make an attachment safe to open: a macro-enabled document is dangerous however it arrived, so never enable macros or "content" in a document received by email.
- Awareness of one's own digital behaviour is the key to staying safe from online fraud. If something looks suspicious, even if it appears to come from a trusted source, confirm with the sender through a separate channel (a phone call, not a reply to the suspicious email) that they really sent it.
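The one-time code in the MFA point above is, for most authenticator apps, a time-based one-time password (TOTP, RFC 6238) built on HMAC. The block below is an added example written for this article, not code from the page or from any vendor: it generates the code from a shared secret and the current 30-second window, verifies a submitted code with a tolerance of one window either side for clock drift, and refuses to accept the same code twice, which is what stops an attacker who phishes a code from replaying it. The secret used is the published RFC 6238 test key, so the values can be checked against the RFC; the one-window drift tolerance and the per-user replay tracker are design assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

# Published RFC 4226/6238 test secret (ASCII "12345678901234567890"), used only so the
# outputs can be checked against the RFC test vectors; real secrets are random bytes.
RFC_SECRET = b"12345678901234567890"


def secret_from_base32(text):
    """Authenticator apps exchange the secret as Base32 (the string inside the QR code)."""
    padded = text.strip().upper() + "=" * (-len(text) % 8)
    return base64.b32decode(padded)


def hotp(secret, counter, digits=6, algorithm=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=30, digits=6, algorithm=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter set to the current time window."""
    return hotp(secret, int(at_time) // step, digits, algorithm)


def verify_totp(secret, submitted, at_time, window=1, step=30, digits=6):
    """Stateless check: accept the code for the current window and +/- `window`
    adjacent windows (clock drift), comparing in constant time."""
    counter = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + drift, digits), submitted)
        for drift in range(-window, window + 1)
    )


class TotpVerifier:
    """Stateful check for one user: like verify_totp, but every accepted window is
    consumed, so a code captured by phishing cannot be replayed inside its lifetime."""

    def __init__(self, secret, step=30, window=1, digits=6):
        self.secret, self.step, self.window, self.digits = secret, step, window, digits
        self.last_counter = -1  # highest window already used for a successful login

    def check(self, submitted, at_time):
        counter = int(at_time) // self.step
        for drift in range(-self.window, self.window + 1):
            candidate = counter + drift
            if candidate <= self.last_counter:
                continue  # already consumed: a replayed code must fail
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), submitted):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    print("current code for the RFC test secret:", totp(RFC_SECRET, now))
    verifier = TotpVerifier(RFC_SECRET)
    code = totp(RFC_SECRET, now)
    print("first use accepted:", verifier.check(code, now))
    print("replay accepted:", verifier.check(code, now))
```

The stateless `verify_totp` is what most tutorials stop at; the `TotpVerifier` shows why a server must also remember which windows it has already accepted. Note that TOTP still fails against a real-time phishing proxy that relays the code within its lifetime; for high-risk users the stronger option is a phishing-resistant factor such as a FIDO2 security key.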
What is Malware?
Malware is software designed to carry out unwanted or illegal actions on a computer or network. Malware can be classified by how it executes, how it spreads and what it does. Some of the main types are:
- A virus is a program that infects other programs by modifying them to include a (possibly evolved) copy of itself.
- Worms are malicious programs that copy themselves from system to system over a network, rather than infecting legitimate files.
- A Trojan (or Trojan horse) is a program that appears legitimate but creates back-door access into a system or secure network so that an attacker can get in. Trojans generally undermine the security of the system they run on.
- Spyware installs itself on a computer and monitors the user's activities without consent.