Sygnia announced that it has released its comprehensive report uncovering an organized financial-theft operation it has termed Elephant Beetle.
For the past two years, the Incident Response (IR) team has been methodically tracking the Elephant Beetle threat group.
The impact of Elephant Beetle
- The threat group primarily targets legacy Java applications running on Linux-based machines as its initial means of entry.
- Over a period of several months, the threat group then uses an arsenal of more than 80 unique tools and scripts to patiently and discreetly expand its foothold and study the compromised organization’s internal financial systems.
- From there, Elephant Beetle injects fraudulent transactions hidden among regular activity, ultimately stealing millions of dollars over time. The relatively small amounts of money stolen in each incremental instance allows the threat group to avert suspicion and operate virtually undetected.
The expansion potential of this organized financial-theft operation
While chiefly focused in the Latin American market, Elephant Beetle has the potential to expand its attacks to organizations worldwide, with experts already discovering a breach in the Latin American operations of a U.S.-based company.
“Elephant Beetle is a significant threat due to its highly organized nature and the stealthy pattern with which it intelligently learns victims’ internal financial systems and operations,” said Arie Zilberstein, VP of Incident Response at Sygnia.
“Even after initial detection, our experts have found that “Elephant Beetle” is able to lay low, but remain deeply embedded in a compromised organization’s infrastructures, enabling it to reactivate and continue stealing funds at any moment. Particularly in the wake of widespread vulnerabilities like Log4j that are dominating the industry conversation, organizations need to be apprised of this latest threat group and ensure their systems are prepared to prevent an attack.”