Dropping Elephant

Threat Actor Profile Updated 3 months ago
Dropping Elephant, also known as Patchwork or Monsoon, is a threat actor primarily targeting high-profile diplomatic and economic entities. This Indian Advanced Persistent Threat (APT) group was identified by Volexity in March and April 2018 conducting multiple spear-phishing campaigns. The group's modus operandi includes the use of Chinese-themed content as bait to compromise target networks, as observed by Symantec Security Response. Cybersecurity firms such as Kaspersky Lab, which has detected artifacts related to this threat actor, have closely monitored Dropping Elephant's activities.

The group employs two main infection vectors, both built around an elaborately maintained social engineering theme: foreign relations with China. In the case of Dropping Elephant, the backdoor downloads encoded blobs that are then decoded to PowerShell command-line scripts. This unique approach has allowed the group to maintain its operations effectively. Recent analysis from Cymmetria provides further data about these attacks, highlighting the sophisticated nature of Dropping Elephant's strategies. The VB2023 paper titled "The Dropping Elephant never dropped" suggests the ongoing resilience of this APT group, and recent observations from Unit 42 indicate continued campaigns against targets located in the Indian subcontinent. These findings underscore the importance of maintaining vigilance and robust cybersecurity measures to counter threats posed by groups like Dropping Elephant.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
MONSOON | 1 | Monsoon, also known as Neon or Viceroy Tiger, is a significant cybersecurity threat actor that has been active in the past several months. According to Unit 42, this group has been observed targeting government and military organizations in South Asia with spear-phishing emails containing letters or
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
China
Symantec
APT
Backdoor
Phishing
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Chinastrats | Unspecified | 1 | None
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Dropping Elephant Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 10 months ago | Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors
MITRE | a year ago | Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
MITRE | a year ago | Endpoint Protection - Symantec Enterprise
MITRE | a year ago | The Dropping Elephant – aggressive cyber-espionage in the Asian region
MITRE | a year ago | Patchwork APT Group Targets US Think Tanks