Cybersecurity researchers have taken the wraps off an organized financial-theft operation, undertaken by a discreet actor, that has targeted transaction processing systems and siphoned funds from entities primarily located in Latin America for at least four years.
The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and retail companies by injecting fraudulent transactions among benign activity to slip under the radar after an extensive study of the targets’ financial structures.
“The attack is relentless in its ingenious simplicity serving as an ideal tactic to hide in plain sight, without any need to develop exploits,” the researchers said in a report shared with The Hacker News, calling out the group’s overlaps with another tracked by Mandiant as FIN13, an “industrious” threat actor linked to data theft and ransomware attacks in Mexico stretching back as early as 2016.
Elephant Beetle is said to leverage an arsenal of no fewer than 80 unique tools and scripts to execute its attacks, while simultaneously taking steps to blend in with the victim’s environment over long periods to achieve its objectives.
“The unique modus operandi associated with the Elephant Beetle is their deep research and knowledge of victim’s financial systems and operations and their persistent search for vulnerable methods to technically inject financial transactions, ultimately leading to major financial theft,” Arie Zilberstein, vice president of incident response at Sygnia, told The Hacker News. “Given the long period of persistence this group has in victim’s networks, they often change and adapt their techniques and tooling to continue to be relevant.”