Arctic Wolf Labs has uncovered a sophisticated cyber-espionage campaign by Dropping Elephant targeting Turkey’s defense industry, utilizing social engineering and stealth techniques to exfiltrate sensitive data. This operation is likely driven by geopolitical tensions in the region, emphasizing the threat’s complexity and intent. #DroppingElephant #TurkishDefense
Keypoints
- The campaign targets a Turkish manufacturer of missile systems involved in hypersonic weapons development.
- Dropping Elephant employs weaponized conference invites, DLL side-loading, and custom loaders to evade detection.
- The initial attack starts with a malicious shortcut file that triggers PowerShell commands.
- Persistent malware uses legitimate software like VLC to execute stealthy DLLs and collect intelligence.
- The malware performs system reconnaissance, captures data, and exfiltrates information to command servers.