I guess the old saying ‘the artisan is only as good as his tools’ can’t really be applied to this hacker (or group of hackers) from India.
Kaspersky Lab has revealed, after a tip from a partner, that an actor apparently operating from India is using what can only be described as fairly primitive tools to carry out some quite advanced cyber-espionage. ‘Simple, yet effective’ is how Kaspersky describes it. The state doesn’t seem to be involved.
The group is targeting multiple diplomatic and government entities, with a particular interest in China and its international affairs, security researchers said.
The group, known as ‘Dropping Elephant’ or ‘Chinastrats’, relies on spear phishing, pairing the lure with either a CVE-2012-0158 exploit delivered in Microsoft Word files or a CVE-2014-6352 exploit delivered in Microsoft PowerPoint slides.
“Both exploits are public and have been known for a long time, but are still effective,” Kaspersky Lab says.
They also use a so-called ‘watering hole’ attack: the victim is sent a link to a news portal focused on China’s external affairs, and the majority of those links lead to additional PowerPoint files carrying malicious code.
If the attack is successful, the attackers install a set of malicious tools.
These tools then collect and send the attackers the following types of data: Word documents, Excel spreadsheets, PowerPoint presentations, PDF files and login credentials saved in the browser.
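The two lure formats described above are old enough that a defender can triage them on the mail gateway or in a sandbox intake before any detonation. The script below is an added example written for this article, not Kaspersky’s detection logic: it flags RTF/Word files whose embedded OLE objects name an MSComctlLib class (the ActiveX control that CVE-2012-0158 exploits target) and OOXML archives (.pptx/.docx) that carry embedded OLE parts, the packaged-object vector that CVE-2014-6352 lures rely on. The class-name prefix and part-name patterns are assumptions chosen for illustration, the sample documents are constructed inline and contain no exploit, and both heuristics also fire on some legitimate documents, so a hit is a reason to pull the file aside, not a verdict.

```python
"""Triage heuristics for Office lures (added example; not Kaspersky's code).

Heuristics are assumptions:
  * RTF: an embedded OLE object whose class name starts with MSComctlLib
    (the control targeted by CVE-2012-0158 exploits);
  * OOXML: any embedded OLE part or oleObject relationship (the packaged-object
    vector used by CVE-2014-6352 lures).
"""
import io
import re
import zipfile

# RTF control words that mark an embedded OLE object and its class name.
OBJCLASS_RE = re.compile(rb"\\objclass\s+([A-Za-z0-9_.]+)", re.IGNORECASE)
OBJDATA_RE = re.compile(rb"\\objdata\b", re.IGNORECASE)
# Assumption: any MSComctlLib.* object in an RTF deserves a look.
WATCHED_CLASS_PREFIX = "mscomctllib."

# Embedded OLE parts and the relationship type that references them in OOXML.
OLE_PART_RE = re.compile(r"^(word|ppt|xl)/embeddings/.+\.bin$")
OLE_REL_TYPE = b"/relationships/oleObject"


def triage_rtf(data):
    """Return a verdict dict for an RTF document."""
    classes = [m.group(1).decode("ascii", "replace") for m in OBJCLASS_RE.finditer(data)]
    watched = [c for c in classes if c.lower().startswith(WATCHED_CLASS_PREFIX)]
    reasons = []
    if OBJDATA_RE.search(data):
        reasons.append("embedded OLE object data (\\objdata)")
    for cls in watched:
        reasons.append("OLE object class %s (MSCOMCTL, CVE-2012-0158 target)" % cls)
    return {"type": "rtf", "suspicious": bool(watched), "reasons": reasons}


def triage_ooxml(data):
    """Return a verdict dict for a .docx/.pptx/.xlsx zip container."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            ole_parts = [n for n in names if OLE_PART_RE.match(n)]
            ole_rels = [n for n in names
                        if n.endswith(".rels") and OLE_REL_TYPE in z.read(n)]
    except zipfile.BadZipFile:
        return {"type": "unknown", "suspicious": False, "reasons": ["unreadable zip"]}
    if any(n.startswith("ppt/") for n in names):
        kind = "pptx"
    elif any(n.startswith("word/") for n in names):
        kind = "docx"
    else:
        kind = "ooxml"
    reasons = ["embedded OLE part %s" % p for p in ole_parts]
    reasons += ["oleObject relationship in %s" % r for r in ole_rels]
    return {"type": kind, "suspicious": bool(ole_parts or ole_rels), "reasons": reasons}


def triage(data):
    """Dispatch on the file's magic bytes."""
    if data.startswith(b"{\\rt"):
        return triage_rtf(data)
    if data.startswith(b"PK\x03\x04"):
        return triage_ooxml(data)
    if data.startswith(b"\xd0\xcf\x11\xe0"):
        # Legacy binary .doc/.ppt needs a real OLE2 parser; not handled here.
        return {"type": "ole2", "suspicious": False, "reasons": ["legacy OLE2 container, not parsed"]}
    return {"type": "unknown", "suspicious": False, "reasons": []}


# Constructed samples (no exploit content): a clean RTF, an RTF embedding an
# MSComctlLib control, and minimal pptx-shaped archives with/without an OLE part.
RTF_CLEAN = b"{\\rtf1\\ansi Quarterly report on China foreign policy\\par}"
RTF_OBJECT = (b"{\\rtf1\\ansi{\\object\\objocx\\objw1\\objh1"
              b"{\\*\\objclass MSComctlLib.ListViewCtrl.2}"
              b"{\\*\\objdata 01050000020000000b000000}}}")


def build_pptx(with_ole):
    """Build a minimal OOXML-shaped zip; with_ole adds an embedded OLE object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        z.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        if with_ole:
            z.writestr("ppt/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)
            z.writestr("ppt/slides/_rels/slide1.xml.rels",
                       '<Relationships><Relationship Id="rId2" '
                       'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
                       'Target="../embeddings/oleObject1.bin"/></Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("clean rtf", RTF_CLEAN), ("rtf with control", RTF_OBJECT),
                        ("clean pptx", build_pptx(False)), ("pptx with OLE", build_pptx(True))]:
        print(label, triage(blob))
```

Run it over an attachment quarantine and anything marked suspicious goes to detonation with the reasons attached to the ticket; the legacy OLE2 branch is deliberately left to a proper parser, since binary .doc/.ppt files need the compound-file streams walked rather than grepped.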
“Despite using such simple and affordable tools and exploits, the team seems capable of retrieving valuable intelligence information, which could be the reason why the group expanded in May 2016. The expansion also suggests that it is not going to end its operations anytime soon. Organisations and individuals that match this actor’s target profile should be especially cautious. The good news is that this group hasn’t yet been spotted using really sophisticated, hard-to-detect tools. This means that their activity is relatively easy to identify. This can of course change at any time,” said Vitaly Kamluk, Head of Research Center in APAC, GReAT, Kaspersky Lab.