Organizations running old Java (opens in new tab) apps on their systems could end up having their networks targeted and infiltrated by a financially motivated threat group known as 'Elephant Beetle' or TG2003.
The Incident Response (IR) team at the cybersecurity firm Sygnia has spent the past two years tracking Elephant Beetle as the group preyed on organizations in the finance and commerce sectors in Latin America according to a new blog post (opens in new tab).
Elephant Beetle is a sophisticated threat actor which wields an arsenal of over 80 unique tools and scripts in its attacks. To make matters worse, the group patiently executes its attacks over long periods of time by blending in with a target's environment and going completely undetected while stealing large amounts of money from unsuspecting organizations.
Although Elephant Beetle appears to primarily focus on organizations in Latin America, that doesn't mean businesses based in other regions are safe. For instance, Sygnia's IR team discovered that the Latin American operations of a US-based company had been breached by the group which means both regional and global organizations should be on the lookout.
Elephant Beetle is highly proficient in Java-based attacks according to Sygnia and in many cases, it targets legacy Java applications running on Linux (opens in new tab) systems as a means of initial entry into an organization's environment. At the same time, the group even goes as far as deploy its own complete Java web application on victim machines to do its bidding while these machines also run legitimate applications.
In the first phase of an attack which can last up to a month, Elephant Beetle focuses on building operational cyber capabilities in a compromised environment. During this time, the group studies the digital landscape of an organization's network and plants backdoors (opens in new tab) while also customizing its tools to work within the environment.
From here, Elephant Beetle spends several months studying a victim's environment focusing on its financial operations and identifying any flaws. The group also observes a victim's software and infrastructure to understand the technical process of their legitimate financial transactions. Elephant Beetle then creates fraudulent transactions in the environment and although they may seem insignificant in terms of the amounts stolen, over time they can add up to millions of dollars.
In addition to being patient, the group is also quick to retreat and lay low for a few months if any theft activity is discovered and blocked. Afterwards, Elephant Beetle returns several months later and targets a different system.
We'll likely hear more about Elephant Beetle and its activities as Sygnia continues to monitor the group. Until then, organizations running Java applications on their systems should ensure their security protocols and software are up to date to avoid being targeted.