Researchers discovered a group of malicious threat actors named Elephant Beetle, specialising in financial theft operations and organised cybercrime. The group patiently spends months observing and analysing its target's network and surroundings, including financial transactions, and abuses unpatched flaws.
The Elephant Beetle threat group focuses on legacy Java applications running on Linux to gain access to a network.
Instead of acquiring or creating a zero-day exploit, it targets common vulnerabilities that might have gone unnoticed or unpatched. Additionally, the threat group deploys its own unique Java web application on the target's machine while the machine runs the intentionally compromised application.
Furthermore, the threat group draws on an arsenal of approximately 80 tools and scripts to execute its campaign. Its operators also conceal themselves by blending into and adapting to their victims' environment.
What sets this threat group apart is the extensive study and observation it conducts of its targets' financial operations, transactions, and systems. Given the long time Elephant Beetle spends hidden inside a network, it constantly adjusts and changes its strategies and approach to remain undetected. The group also spoofs legitimate packages disguised as standard network traffic.
The Elephant Beetle group can inject fraudulent operations among routine everyday activities, stealing millions of dollars over time in the process.
These threat actors also steal small sums of money in increments, which lets them stay hidden and avoid raising suspicion from researchers or security solutions.
Although experts have monitored the threat group exclusively in Latin America, it can still operate across six continents. They have also discovered proof that the threat group operates outside South America, since traces of it were found at a company based in the United States.
The threat group has proven to be a hostile threat due to its sophisticated nature and hiding capabilities. Elephant Beetle is patient and willing to devote a large amount of time to studying its targets' overall behaviour.