Bhima Koregaon case: Activist Rona Wilson was targeted by two separate hacker groups, says report
One of the groups has reportedly been linked to cyberespionage efforts against military targets in China and Pakistan.
Activist Rona Wilson, who has been named as an accused person in the Bhima Koregaon case, was targeted by two separate groups of hackers before he was arrested, The Washington Post reported on Thursday.
One of the groups has reportedly been linked to cyberespionage efforts against military targets in China and Pakistan, the newspaper said, citing a report by California-based cybersecurity company SentinelOne.
According to the report, one of the groups that carried out the hacking, referred to as ModifiedElephant by SentinelOne, allegedly planted documents on Wilson’s device.
In February 2021, a United States-based digital forensics company, Arsenal Consulting, had stated that an attacker used malware to infiltrate Wilson’s laptop and deposited at least ten incriminating letters on it. These included a purported letter to a Maoist militant discussing the need for guns and ammunition, and even urging the banned group to assassinate Prime Minister Narendra Modi.
SentinelOne identified the other hacking group that targeted the activist as SideWinder. International cybersecurity experts have tracked operations of SideWinder against targets in Pakistan and China, The Washington Post noted.
While SentinelOne does not state who carried out the attacks or who ordered them, it noted that the activity of ModifiedElephant in this instance “aligns sharply with Indian state interests”.
“Two separate groups going after the same target suggests they were tasked with the job by the same entity,” The Washington Post quoted Juan Andres Guerrero-Saade, a co-author of the California-based firm’s report, as saying.
Wilson reportedly received dozens of e-mails – some from other activists and some disguised as news articles – that had malware meant to infiltrate his computer.
Meanwhile, the report by SentinelOne also stated that ModifiedElephant had shared web domains with a hacking group named Hangover. According to the California-based firm, Hangover had earlier targeted businesses and national security interests in Pakistan, Europe and the United States.
A web domain is an address of a web page that replaces the Internet Protocol address, or IP address. It is aimed at helping internet users find a website.
The National Investigation Agency, which is conducting an inquiry into the Bhima Koregaon case, has not yet spoken about the report.
Bhima Koregaon case
The Bhima Koregaon case pertains to caste violence in a village near Pune in 2018. As many as 16 people were arrested for allegedly plotting the violence.
The first chargesheet in the case was filed by the Pune Police in November 2018, which ran to over 5,000 pages. It had named Wilson, along with other activists and academicians Surendra Gadling, Sudhir Dhawale, Shoma Sen and Mahesh Raut.
A supplementary chargesheet was filed later in February 2019, against poet-activist Varavara Rao, lawyer Sudha Bharadwaj, activists Arun Ferreira and Vernon Gonsalves and banned Communist Party of India (Maoist) leader Ganapathy.
The accused were charged with “waging war against the nation” and spreading the ideology of the Communist Party of India (Maoist), besides creating caste conflicts and hatred in the society.
The Centre transferred the case to the National Investigation Agency in January 2020.
Recently, Wilson was among seven accused persons who wrote to a Supreme Court-appointed committee on the Pegasus spyware. The accused persons expressed apprehensions that their phones may have been hacked by the Israeli spyware.
On February 8, the Supreme Court allowed the National Investigation Agency to submit the phones of the seven persons to the committee.