Elephant Beetle Stealthy Hacker Group Stole Millions Undetected

All organizations, whether large or small, must have proper security in place to prevent and overcome cyber attacks. But what if the threat targeting an enterprise is so sophisticated and subtle that it is almost impossible to notice the intrusion until it is too late?

Well, meet Elephant Beetle – a financially motivated hacker group discovered in early 2022 that has stolen millions of dollars from various organizations so far.

So, how does this group carry out its attacks? Who is behind this? And more importantly, how can organizations protect themselves from this? Here’s everything you need to know.

Elephant Beetle: A Stealthy Threat Group

Israeli cyber security firm Sygnia released a report in January 2022 revealing that a hacker group named Elephant Beetle extorted millions from financial sector businesses in Latin America.

Elephant Beetle uses a variety of sophisticated tactics to infiltrate an organization’s systems, look for vulnerabilities, and then hide in plain sight while launching an attack.

Once it has infiltrated an organization, the group creates backdoors and adapts its tools so that it can carry out its attacks more efficiently when the time comes. This phase can last up to a month. Then, for an extended period – up to several months – the attackers essentially blend into the background by mimicking normal activity while looking for security holes in the target’s systems.

When Elephant Beetle has finished collecting information, it doesn’t simply tear through the target organization’s cyber infrastructure. Instead, the group quietly and surreptitiously conducts fraudulent transactions that mimic legitimate behavior, and slowly steals millions from the victim.

To execute its Java-based attacks, Elephant Beetle uses a wide arsenal of more than 80 unique tools and scripts, the researchers wrote in their report. The amount of money stolen in a single transaction is so small that it is almost completely unnoticeable, but over time the transactions add up to millions of dollars.

According to Sygnia, if an affected organization discovers and stops Elephant Beetle, the group lies low for several months and then attacks a different system. The group has allegedly stolen millions of dollars from unsuspecting companies over the years.

Who is behind Elephant Beetle?

Sygnia could not determine exactly who is behind Elephant Beetle, but there is almost certainly a connection between the group and Spanish-speaking countries. After analyzing keywords and phrases used by Elephant Beetle, the researchers established that the group used, for example, the Spanish word for elephant (elefante) as a code variable name.

Furthermore, the group named one of its output files “windows_para_linux”, which suggests that its members speak Spanish. And one of the tools used by Elephant Beetle was uploaded from Argentina to VirusTotal, a popular malware-scanning platform.

Additionally, evidence suggests that Elephant Beetle has ties to Mexico, as most of the C2 (command and control) server IPs it uses are located in Mexico.

The group has primarily focused on Latin American companies, but one of its victims was a US-based company operating in Latin America. However, as the Sygnia researchers noted, this does not mean that organizations located elsewhere are safe.

Defense Against the Elephant Beetle

According to Sygnia, there are several steps you can take to protect your systems against Elephant Beetle and similar threat groups.

For starters, it is imperative to keep all operating systems up to date and to use different passwords for different servers and administrative interfaces. In addition, organizations should regularly monitor .class files—these are compiled Java files containing bytecode that the Java Virtual Machine can execute, so a new or altered one in a deployment directory deserves a look.
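One concrete way to act on the .class monitoring advice above is a baseline-and-diff check over a Java deployment tree. The following is an added example (not code from the article or from Sygnia); it snapshots the SHA-256 of every .class file, reports anything added or modified since the last run, and separately flags files that carry a .class name but lack the Java class-file magic bytes, since that is not bytecode at all. The `WEB-INF/classes` layout and the sample files in `demo()` are constructed for illustration.

```python
"""Baseline-and-diff monitor for Java .class files (added example)."""
import hashlib
import os
import tempfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # every genuine Java class file starts with these bytes


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def snapshot(root):
    """Map relative path (with forward slashes) -> SHA-256 for every .class file below root."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".class"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                seen[rel] = sha256_of(full)
    return seen


def diff(old, new):
    """Compare two snapshots; returns (added, modified, removed) relative paths."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    modified = sorted(p for p in new if p in old and old[p] != new[p])
    return added, modified, removed


def missing_magic(root, paths):
    """Subset of paths whose contents do not begin with the class-file magic."""
    bad = []
    for p in paths:
        with open(os.path.join(root, p), "rb") as f:
            if f.read(4) != CLASS_MAGIC:
                bad.append(p)
    return bad


def demo():
    """Constructed sample tree: returns the findings one monitoring run would report."""
    root = tempfile.mkdtemp()
    app = os.path.join(root, "WEB-INF", "classes")
    os.makedirs(app)
    with open(os.path.join(app, "App.class"), "wb") as f:
        f.write(CLASS_MAGIC + b"\x00\x00\x00\x34")  # header-only stand-in for real bytecode
    baseline = snapshot(root)  # in practice, persist this between runs
    with open(os.path.join(app, "App.class"), "ab") as f:
        f.write(b"\x00")  # an existing class is altered after the baseline
    with open(os.path.join(app, "Helper.class"), "wb") as f:
        f.write(b"#!/bin/sh\n")  # a non-bytecode file wearing a .class extension
    added, modified, removed = diff(baseline, snapshot(root))
    return added, modified, removed, missing_magic(root, added + modified)
```

In production the baseline dictionary would be written to disk (or a SIEM) after each run rather than kept in memory, and every path in the three lists would be routed to whoever owns that application.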

In general, every organization that maintains its cyber security hygiene should define clear security protocols for each segment of its business, educate its employees, monitor emerging threats, conduct regular audits, and back up all important data.
