Leading Israeli cybersecurity firm Sygnia announced on Wednesday that it has discovered a financial fraud group that has been targeting global enterprises.
The cyber-thieves, dubbed “Elephant Beetle,” are primarily active in South America, though Sygnia warns they could expand attacks to organizations worldwide, as experts have already discovered a breach in the Latin American branch of a US-based company.
“Elephant Beetle is a significant threat due to its highly organized nature and the stealthy pattern with which it intelligently learns victims’ internal financial systems and operations,” said Arie Zilberstein, VP of Incident Response at Sygnia.
The team has been methodically tracking the Elephant Beetle threat group over the last two years. After review, they discovered that the group primarily targets older Java applications running on Linux-based machines, then uses an arsenal of more than 80 unique tools and scripts to study a compromised organization’s internal financial systems.
After deeply studying and understanding their victim’s financial systems, the Elephant Beetle hackers inject malware that creates fraudulent small-sum transactions, hidden among regular activity, that ultimately steal millions of dollars over time. The relatively small amounts of money stolen in each transaction allow the group to avert suspicion and operate virtually undetected.
“Even after initial detection, our experts have found that Elephant Beetle is able to lay low, but remain deeply embedded in a compromised organization’s infrastructures, enabling it to reactivate and continue stealing funds at any moment,” Zilberstein said.
“Particularly in the wake of widespread vulnerabilities like Log4j that are dominating the industry conversation, organizations need to be apprised of this latest threat group and ensure their systems are prepared to prevent an attack.”