Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail presented at Black Hat USA 2022

by Juan Hegel

Tags: Privacy Malware


Summary: It's easy to forget the human cost of state-sponsored threats operating with impunity. While we often think of espionage, intellectual property theft, or financial gain as the objectives of these cyber operations, there's a far more insidious motivation that flies under the radar: APTs fabricating evidence in order to frame and incarcerate vulnerable opponents. This talk focuses on the activities of ModifiedElephant, a threat actor operating for at least a decade with ties to the commercial surveillance industry. More importantly, we'll discuss how they've gone about incriminating activists who are locked up to this day despite forensic reports that show the evidence was planted. And if that's not concerning enough, we'll show how multiple regional threat actors were going after these same victims prior to their arrest. This cluster of activity represents a critically underreported dimension of how some governments are abusing technology to silence critics, and one that we hope will incense threat researchers into action.