All organizations, whether large or small, should have proper security in place in order to prevent and fend off cyberattacks. But what if the threat actor targeting an enterprise is so sophisticated and subtle that it is almost impossible to notice infiltration until it’s too late?
Well, meet Elephant Beetle—a financially motivated hacker group discovered in early 2022 that has stolen millions of dollars from various organizations so far.
So, how does this group carry out its attacks? Who is behind it? And most importantly, how can organizations protect themselves against it? Here’s everything you need to know.
Elephant Beetle: A Stealthy Threat Group
Israeli cybersecurity firm Sygnia released a report in January 2022 revealing that a hacker group dubbed Elephant Beetle siphoned off millions from businesses in the financial sector in Latin America.
Elephant Beetle uses various sophisticated tactics to hide in plain sight as it infiltrates an organization’s systems, observes its vulnerabilities, and then strikes.
Once it infiltrates an organization, the group builds backdoors and customizes its tools so that it can carry out its attacks more efficiently when the time comes. This phase can last up to a month. Then, for a prolonged period of up to several months, the attackers simply blend into the background by mimicking legitimate activity while searching for security holes in the target’s systems.
When Elephant Beetle finishes gathering information, it doesn’t just force its way through a target organization’s cyberinfrastructure. Instead, the group quietly and stealthily creates fraudulent transactions, which mimic legitimate behavior, and slowly steals millions from the victim.
To carry out its Java-based attacks, Elephant Beetle uses a wide arsenal of more than 80 unique tools and scripts, the researchers wrote in their report. The amount of money stolen in a single transaction is so insignificant that it is almost completely unnoticeable, but the transactions add up to millions of dollars over time.
According to Sygnia, if an affected organization discovers and stops Elephant Beetle, it lies low for several months and then attacks a different system. The group has reportedly stolen millions of dollars from unsuspecting companies over the years.
Who Is Behind Elephant Beetle?
Sygnia could not determine who exactly is behind Elephant Beetle, but there is almost certainly a connection between the group and Spanish-speaking countries. For example, after analyzing the keywords and phrases found in the group’s tooling, the researchers established that it names a code variable after the Spanish word for elephant (elephante).
Moreover, the group named one of its output files “windows_para_linux,” suggesting that its members speak Spanish. And one of the tools Elephant Beetle uses was uploaded to the popular malware-scanning platform VirusTotal from Argentina.
Additionally, evidence suggests that Elephant Beetle has a connection to Mexico, since most of the command-and-control (C2) server IP addresses it has used are located in Mexico.
The group has primarily focused on Latin American companies, but one of its victims was a US-based company with a branch in Latin America. However, as Sygnia’s researchers noted, this does not suggest that organizations based elsewhere are safe.
Defend Against Elephant Beetle
According to Sygnia, there are several steps organizations can take to defend their systems against Elephant Beetle and similar threat groups.
For starters, it is imperative to keep all operating systems up to date and to use different passwords for different servers and administrative interfaces. Moreover, because the group’s tooling is Java-based, organizations should monitor .class files regularly: these are compiled Java files containing bytecode that the Java Virtual Machine executes, so a .class file that appears or changes without a corresponding deployment deserves review.
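One practical way to act on the .class monitoring advice is a baseline-and-diff check: record a hash of every .class file under an application directory once, then rescan on a schedule and flag anything added, removed or modified. The script below is an added example written for this article, not code from Sygnia’s report or the group’s tooling; the directory layout (a `webapp/WEB-INF/classes` tree), the file names and the file contents in `demo()` are constructed for the demonstration.

```python
"""Baseline-and-diff monitor for Java .class files.

Added example for this article, not from the Sygnia report. It walks a directory
tree, records the SHA-256 of every .class file, and compares later scans against
the saved baseline so new, modified or deleted .class files stand out for review.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large archives do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_class_files(root: str) -> dict:
    """Return {relative_posix_path: sha256} for every .class file under root."""
    root_path = Path(root)
    snapshot = {}
    for dirpath, _, filenames in os.walk(root_path):
        for name in filenames:
            if name.endswith(".class"):
                file_path = Path(dirpath) / name
                rel = str(file_path.relative_to(root_path)).replace(os.sep, "/")
                snapshot[rel] = hash_file(file_path)
    return snapshot


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Classify every difference between a stored baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(snapshot: dict, path: str) -> None:
    with open(path, "w") as handle:
        json.dump(snapshot, handle, indent=2, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path) as handle:
        return json.load(handle)


def demo() -> dict:
    """Constructed scenario: build a fake webapp tree, take a baseline, then
    alter one class and drop an unexpected one, and report what the diff finds."""
    with tempfile.TemporaryDirectory() as tmp:
        webapp = Path(tmp) / "webapp"
        classes = webapp / "WEB-INF" / "classes"
        classes.mkdir(parents=True)
        # Constructed stand-ins for compiled classes (0xCAFEBABE is the class-file magic).
        (classes / "Login.class").write_bytes(b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        (classes / "Payments.class").write_bytes(b"\xca\xfe\xba\xbe" + b"\x01" * 16)

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(scan_class_files(str(webapp)), str(baseline_path))

        # Simulate what a scheduled rescan should catch: one class changed
        # outside a deployment, and one class that was never part of the build.
        (classes / "Payments.class").write_bytes(b"\xca\xfe\xba\xbe" + b"\x02" * 16)
        (classes / "Helper.class").write_bytes(b"\xca\xfe\xba\xbe" + b"\x03" * 16)

        return diff_baseline(load_baseline(str(baseline_path)),
                             scan_class_files(str(webapp)))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the baseline would be refreshed only as part of a known deployment, and any non-empty `added` or `modified` list between deployments is the signal worth an analyst’s attention; hashes rather than timestamps are used because modification times are easy to preserve when a file is replaced.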
In general, every organization that maintains its cybersecurity hygiene should define clear security protocols for every segment of its business, educate its employees, keep an eye on emerging threats, conduct regular audits, and back up all important data.