Dropping Elephant, also known as Patchwork or Monsoon, is a threat actor primarily targeting high-profile diplomatic and economic entities. This Indian Advanced Persistent Threat (APT) group was identified by Volexity in March and April 2018 conducting multiple spear phishing campaigns. The group's modus operandi includes the use of Chinese-themed content as bait to compromise target networks, as observed by Symantec Security Response. Dropping Elephant's activities have been closely monitored by cybersecurity firms such as Kaspersky Lab, which has detected artifacts related to this threat actor.
The group employs two main infection vectors, both built around an elaborately maintained social engineering theme – foreign relations with China. Its backdoor downloads encoded blobs that are then decoded into PowerShell command-line scripts, an approach that has allowed the group to sustain its operations effectively. Recent analysis from Cymmetria provides further data about these attacks, highlighting the sophisticated nature of Dropping Elephant's strategies.
The group continues to pose a significant threat: the VB2023 paper titled "The Dropping Elephant never dropped" points to the ongoing resilience of this APT group. Furthermore, recent observations from Unit 42 indicate continued campaigns against targets located in the Indian subcontinent. These findings underscore the importance of maintaining vigilance and robust cybersecurity measures to counter threats posed by groups like Dropping Elephant.
Description last updated: 2024-05-05T02:47:01.960Z