Organizations running outdated Java applications on their systems may find their networks targeted and infiltrated by a financially motivated threat group known as ‘Elephant Beetle’ or TG2003.
The Incident Response (IR) team at cybersecurity firm Signia has spent the past two years tracking Elephant Beetle as the group hunts organizations in the finance and commerce sectors in Latin America, according to a new blog post.
Elephant Beetle is a sophisticated threat actor that wields an arsenal of over 80 unique tools and scripts in its attacks. To make matters worse, the group patiently hides its activity by blending into the target’s environment for long periods of time, stealing vast amounts of money from unsuspecting organizations.
Although Elephant Beetle primarily focuses on organizations in Latin America, this does not mean that businesses located in other regions are safe. For example, Signia’s IR team found that a US-based company’s Latin American operations had been breached by the group, meaning both regional and global organizations should be on the lookout.
Java-based attacks
According to Signia, Elephant Beetle is highly skilled at Java-based attacks and, in many cases, targets legacy Java applications running on Linux systems as its means of initial entry into an organization’s environment. The group also deploys its own complete Java web application on victim machines to do its bidding, alongside the legitimate applications those machines already run.
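One defensive check against the rogue web application deployment described above is to compare what an application server actually has deployed with an approved baseline. The following is an added example, not code from the article or from the IR team’s report; the directory layout (one WAR file or exploded directory per app under a webapps root), the baseline format and the sample files are constructed assumptions.

```python
"""Added example: flag Java web applications deployed on a host that are
not in an approved baseline, or whose WAR no longer matches its known hash.
Assumptions (hypothetical): deployments live as <name>.war files or
exploded <name>/ directories under a webapps root; the baseline maps
app name -> expected SHA-256 of the approved WAR."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large WARs are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_webapps(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare deployments under `root` with the approved baseline.
    'unexpected': deployed but not approved (the rogue-app case),
    'modified': approved WAR whose hash changed (possible tampering),
    'missing': approved app that is no longer present."""
    report: dict[str, list[str]] = {"unexpected": [], "modified": [], "missing": []}
    seen: set[str] = set()
    for entry in sorted(root.iterdir()):
        # An exploded directory "foo/" and "foo.war" both count as app "foo".
        name = entry.stem if entry.suffix == ".war" else entry.name
        seen.add(name)
        if name not in baseline:
            report["unexpected"].append(entry.name)
        elif entry.suffix == ".war" and sha256_file(entry) != baseline[name]:
            report["modified"].append(entry.name)
    report["missing"] = sorted(set(baseline) - seen)
    return report


def demo() -> dict[str, list[str]]:
    """Build a constructed webapps directory and audit it against a baseline."""
    root = Path(tempfile.mkdtemp())
    (root / "payments.war").write_bytes(b"approved payments app")   # constructed
    (root / "reports.war").write_bytes(b"tampered reports app")     # constructed
    (root / "unknown-app.war").write_bytes(b"not in baseline")      # constructed
    baseline = {
        "payments": hashlib.sha256(b"approved payments app").hexdigest(),
        "reports": hashlib.sha256(b"approved reports app").hexdigest(),
        "admin": "PLACEHOLDER-HASH-OF-APPROVED-ADMIN-WAR",
    }
    return audit_webapps(root, baseline)
```

Run the audit on a schedule and alert on any non-empty `unexpected` or `modified` list; a baseline built from the server’s known-good deployments is what makes a long-dwelling extra application stand out.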
In the first phase of an attack, which can last up to a month, Elephant Beetle focuses on building operational cyber capabilities in the compromised environment. During this time, the group studies the digital landscape of the organization’s network, plants backdoors, and customizes its tooling to operate within the environment.
From here, Elephant Beetle spends several months focusing on its financial operations and studying the victim’s environment to identify any weaknesses. The group also inspects the victim’s software and infrastructure to understand the technical process behind legitimate financial transactions. Elephant Beetle then injects fraudulent transactions into the environment; although each may seem insignificant in the amount stolen, over time they can add up to millions of dollars.
In addition to being patient, the group is quick to retreat if any of its fraudulent activity is detected and blocked, lying low for a few months. Elephant Beetle then returns several months later and targets a different system.
We’ll hear more about Elephant Beetle and its movements as Signia continues to monitor the group. Until then, organizations running Java applications on their systems should ensure that their security controls and software are up to date to avoid becoming a target.