"Cybersecurity Researchers Warn About Cyberattacks by 'Elephant Beetle'"
Researchers at the cybersecurity company Sygnia have detailed a highly organized and stealthy cybercriminal operation dubbed 'Elephant Beetle.' The Elephant Beetle threat group has stolen millions of dollars from financial organizations, primarily focusing on organizations in Latin America. The researchers warn that the campaign could expand its attacks to organizations globally. According to the researchers, the actors behind the attacks take their time to examine compromised victims' financial systems in order to create fraudulent transactions hidden within regular activity, adding up to millions of dollars being stolen. The threat group uses legacy Java applications running on Linux-based machines and web servers as an initial entry point, since such applications are likely to contain unpatched vulnerabilities. The vulnerabilities exploited by Elephant Beetle to gain network access are PrimeFaces Application Expression Language Injection, WebSphere Application Server SOAP Deserialization Exploit, SAP NetWeaver Invoker Servlet Exploit, and SAP NetWeaver ConfigServlet Remote Code Execution. The initial payload is either an obfuscated web shell enabling remote code execution or a sequence of exploits that run different commands on the target machine. Elephant Beetle uses more than 80 unique tools and scripts to conduct the attacks and identify additional security flaws while hiding inside networks for months at a time. The attackers focus on smaller transactions to avoid suspicion, but all the transactions against victims add up to millions of dollars. Phrases and keywords used in code involved in Elephant Beetle incidents suggest that the actors behind the attacks are Spanish-speaking. Researchers have also noted that many of the command-and-control (C2) servers used by Elephant Beetle appear to be located in Mexico. This article continues to discuss findings surrounding the organized financial-theft operation, Elephant Beetle.
ZDNet reports "Cybersecurity Researchers Warn About Cyberattacks by 'Elephant Beetle'"