Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

The Arctic Wolf Labs team has uncovered a new cyber-espionage campaign by the Dropping Elephant APT group targeting Turkish defense contractors. The attack leverages a five-stage execution chain delivered via malicious LNK files disguised as conference invitations. It uses legitimate binaries like VLC Media Player for defense evasion through DLL side-loading. The campaign demonstrates an evolution in the group's capabilities, transitioning from x64 DLL variants to x86 PE executables with enhanced command structures. The timing coincides with increased Turkey-Pakistan defense cooperation amid India-Pakistan tensions, suggesting geopolitical motives. The attack chain includes social engineering, PowerShell scripting, file obfuscation, and a custom remote access trojan for intelligence gathering.

OPENCTI LABELS:

apt, powershell, cyber-espionage, shellcode, turkey, dll side-loading, defense industry, vlc player, dropping elephant rat

