Security News > 2022 > February > Hacking group 'ModifiedElephant' evaded discovery for a decade
Researchers at SentinelLabs in a report today detail the tactics of ModifiedElephant explaining how recently published evidence helped them attribute previously "Orphan" attacks.
ModifiedElephant has relied on spear-phishing emails with malicious attachments for over a decade now, but their techniques have evolved throughout that time.
2015 - group moves to password-protected RAR attachments containing legitimate lure documents that overlay the signs of malware execution.
ModifiedElephant hasn't been observed using any custom backdoors throughout its operational record, so the particular group doesn't appear to be very sophisticated.
The Visual Basic keylogger used by ModifiedElephant has remained the same since 2012, and it's been freely available on hacking forums all these years.
The SentinelLabs report makes several correlations between the timing of specific ModifiedElephant attacks and the arrest of targets that followed shortly after.