216.73.217.139

Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode

· Published 23/07/2025 23:31 · Modified 24/07/2025 09:06

Export JSON

Essential information

Published
23/07/2025 23:31
Modified
24/07/2025 09:06
Tags
2025-07-23 apt cyber espionage defense industry dll side-loading dropping elephant rat powershell shellcode turkey vlc player
Related entities
3 vulnerabilities (cve), 10 observables, 1 intrusion sets (apt), 16 techniques (mitre), 1 malware, 1 others

Description

The Arctic Wolf Labs team has uncovered a new cyber-espionage campaign by the Dropping Elephant group targeting Turkish defense contractors. The attack leverages a five-stage execution chain delivered via malicious LNK files disguised as conference invitations. It uses legitimate binaries like VLC Media Player for defense evasion through . The campaign demonstrates an evolution in the group's capabilities, transitioning from x64 DLL variants to x86 PE executables with enhanced command structures. The timing coincides with increased -Pakistan defense cooperation amid India-Pakistan tensions, suggesting geopolitical motives. The attack chain includes social engineering, scripting, file obfuscation, and a custom remote access trojan for intelligence gathering.

External references