Israeli cybersecurity firm Sygnia has released a report exposing the activities of a global financial theft operation it has named Elephant Beetle, the company announced Wednesday.
Sygnia's Incident Response (IR) team has spent two years tracking the Elephant Beetle threat group.
The report explains that Elephant Beetle targets legacy Java applications running on Linux-based machines as an initial means of entry. Then, over several months, it uses over 80 unique tools and scripts to discreetly expand its foothold and study the internal financial systems of the compromised organization.
In a third phase, Elephant Beetle inputs fraudulent transactions that it hides among the organization's ongoing activity, stealing as much as millions of dollars over time.
Because relatively small amounts are stolen in each instance, the threat group, which is focused mainly on the Latin American market, has been able to avert suspicion and operate virtually undetected.
Sygnia warns that Elephant Beetle could expand its attacks to organizations worldwide. The company's experts have already identified a breach in the Latin American operations of a US-based company.
"Elephant Beetle is a significant threat due to its highly-organized nature and the stealthy pattern with which it intelligently learns victims' internal financial systems and operations," says Arie Zilberstein, VP of Incident Response at Sygnia.
"Even after initial detection, our experts have found that 'Elephant Beetle' is able to lay low, but remain deeply embedded in a compromised organization's infrastructures, enabling it to reactivate and continue stealing funds at any moment. Particularly in the wake of widespread vulnerabilities like Log4j that are dominating the industry conversation, organizations need to be apprised of this latest threat group and ensure their systems are prepared to prevent an attack," Zilberstein warns.