Security News > 2022 > February > Cybercrooks Frame Targets by Planting Fabricated Digital Evidence

Threat actors are hijacking the devices of India's human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn.

Arsenal Consulting's digital analysis shows that the file - one of the more incriminating pieces of data seized by police - was one of many files delivered via a NetWire RAT remote session associated with ModifiedElephant.

"Further analysis showed how ModifiedElephant was performing nearly identical evidence creation and organization across multiple unrelated victim systems within roughly fifteen minutes of each other," according to SentinelLabs' detailed report.

If the notion of a threat actor tampering with evidence sounds familiar, it might be because ModifiedElephant's tactics have precedence, Guerrero-Saade tweeted.

The fabricated files were later used as evidence of terrorism and justification for jailing journalists.

"A threat actor willing to frame and incarcerate vulnerable opponents is a critically underreported dimension of the cyber threat landscape that brings up uncomfortable questions about the integrity of devices introduced as evidence," SentinelOne's Hegel pointed out in Wednesday's post.

News URL

https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/