Dropping Elephant

Threat Actor Profile Updated 24 days ago
Dropping Elephant, also known as Patchwork or Monsoon, is a threat actor primarily targeting high-profile diplomatic and economic entities. This Indian Advanced Persistent Threat (APT) group was identified by Volexity in March and April 2018 conducting multiple spear phishing campaigns. The group's modus operandi includes the use of Chinese-themed content as bait to compromise target networks, as observed by Symantec Security Response. Dropping Elephant's activities have been closely monitored by cybersecurity firms such as Kaspersky Lab, which has detected artifacts related to this threat actor.

The group employs two main infection vectors that revolve around an elaborately maintained social engineering theme – foreign relations with China. In the case of Dropping Elephant, the backdoor downloads encoded blobs that are then decoded to PowerShell command-line scripts. This unique approach has allowed the group to maintain its operations effectively. Recent analysis from Cymmetria provides further data about these attacks, highlighting the sophisticated nature of Dropping Elephant's strategies.

Despite the significant threat it poses, the VB2023 paper titled "The Dropping Elephant never dropped" suggests an ongoing resilience of this APT group. Furthermore, recent observations from Unit 42 indicate continued campaigns against targets located in the Indian subcontinent. These findings underscore the importance of maintaining vigilance and robust cybersecurity measures to counter threats posed by groups like Dropping Elephant.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Dropping Elephant Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | The Dropping Elephant – aggressive cyber-espionage in the Asian region
MITRE | a year ago | Endpoint Protection - Symantec Enterprise
CERT-EU | 8 months ago | Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors
MITRE | a year ago | Patchwork APT Group Targets US Think Tanks
MITRE | a year ago | Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent