Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode
July 24, 2025, 9:06 a.m.
Description
The Arctic Wolf Labs team has uncovered a new cyber-espionage campaign by the Dropping Elephant APT group targeting Turkish defense contractors. The attack leverages a five-stage execution chain delivered via malicious LNK files disguised as conference invitations. It uses legitimate binaries like VLC Media Player for defense evasion through DLL side-loading. The campaign demonstrates an evolution in the group's capabilities, transitioning from x64 DLL variants to x86 PE executables with enhanced command structures. The timing coincides with increased Turkey-Pakistan defense cooperation amid India-Pakistan tensions, suggesting geopolitical motives. The attack chain includes social engineering, PowerShell scripting, file obfuscation, and a custom remote access trojan for intelligence gathering.
Tags
Date
- Created: July 23, 2025, 11:31 p.m.
- Published: July 23, 2025, 11:31 p.m.
- Modified: July 24, 2025, 9:06 a.m.
Indicators
Additional Information
- Defense