Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments.
The campaign was discovered in early March 2019, threat actors behind the LUCKY ELEPHANT campaign use doppelganger webpages to mimic legitimate entities such as foreign governments, telecommunications, and military.
According to the experts, threat actors carried out a phishing campaign to lure victims to the websites and provide their credentials, at the time of writing the researchers did not detect any malware associated with
LUCKY ELEPHANT campaign.
The list of the organizations mimicked by hackers includes entities in Pakistan, Bangladesh, Sri Lankan, Maldives, Myanmar, and Nepal.
According to the ASERT, the LUCKY ELEPHANT campaign was carried out by an Indian APT group.
“The targets are typical of known Indian APT activity and the infrastructure was previously used by an Indian APT group. Phishing and credential theft
“One of the IP addresses, 128.127.105
Experts discovered two active IP addresses (128.127.105
Below the key findings published by the experts:
“The actors behind LUCKY ELEPHANT recognize the effectiveness and use doppelganger webpages nearly identical to legitimate sites, enticing users to input their credentials. It is unclear exactly how effective and widespread this campaign is at gathering credentials, as well as how any compromised credentials are being used.” concludes ASERT.
“However, it is clear is that the actors are actively establishing infrastructure and are targeting governments in South Asia.”