Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail

Presented at Black Hat USA 2022, Aug. 11, 2022, 3:20 p.m. (40 minutes).

It's easy to forget the human cost of state-sponsored threats operating with impunity. While we often think of espionage, intellectual property theft, or financial gain as the objectives of these cyber operations, there's a far more insidious motivation that flies under the radar: APTs fabricating evidence in order to frame and incarcerate vulnerable opponents.

This talk focuses on the activities of ModifiedElephant, a threat actor operating for at least a decade with ties to the commercial surveillance industry. More importantly, we'll discuss how they've gone about incriminating activists who are locked up to this day despite forensic reports that show the evidence was planted. And if that's not concerning enough, we'll show how multiple regional threat actors were going after these same victims prior to their arrest. This cluster of activity represents a critically underreported dimension of how some governments are abusing technology to silence critics, and one that we hope will incense threat researchers into action.


Presenters:

  • Tom Hegel - Senior Threat Researcher, SentinelOne
    Tom Hegel is a Senior Threat Researcher at SentinelLabs and is focused on advancing cyber threat intelligence through his industry work, security publications, and humanitarian cybersecurity research which aims to help vulnerable communities, impacted businesses, and targeted individuals across many cultures. He is a successful publisher of numerous public disclosures on state-linked adversary groups, opportunistic crime groups, and various global events impacted by the technology threat landscape. Tom has investigated and provided aid against numerous targeted threat actors and organized criminal groups that have taken advantage of major global events to launch offensive campaigns against businesses and government agencies globally.
  • Juan Andrés Guerrero-Saade - Principal Threat Researcher, SentinelOne
    Juan Andrés (JAG-S) leads research at SentinelLabs and is an Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). Juan Andrés was Chronicle Security's Research Tsar, founding researcher of the Uppercase team, and a stealth startup co-founder. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky's GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. His joint work on Moonlight Maze is now featured in the International Spy Museum's permanent exhibit in Washington, DC. You can follow him on Twitter @juanandres_gs
