‘Elephant Beetle’ Lurks for Months in Networks
2022-01-05 22:18

Researchers have identified a threat group that's been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets' financial systems and slipping in fraudulent transactions amongst regular activity.

The Sygnia Incident Response team has been tracking the group, which it named Elephant Beetle, aka TG2003, for two years.

In a Wednesday report, the researchers called Elephant Beetle's attack relentless, as the group has hidden "in plain sight" without the need to develop exploits.

In order to stay undetected for months at a time, Elephant Beetle lies low, engaging in low or no activity, and/or mimics its surroundings by doing things like dropping the web shells into the resources folders of each web app, or by disguising them as fonts, images, CSS and JS resources, with similar names to original files in these folders - but with a '.

"One of the tools that the group uses to scan internal networks 'p.j' was uploaded to VirusTotal from Argentina," Sygnia said.

Organizations would be well-advised to proactively hunt within their networks for Elephant Beetle IOCs and TTPs, which Sygnia listed in its report.
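A hunt for the masquerading described above, as an added example that is not taken from the Sygnia report or the original article: it flags files in web-app resource folders that are not a static-asset type but are named like a neighbouring static file. The extension allowlist, the 0.8 similarity threshold, the `.xyz` placeholder extension and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile
from difflib import SequenceMatcher

# Assumption: file types a static resources folder is expected to contain.
STATIC_EXTS = {".css", ".js", ".map", ".png", ".jpg", ".gif", ".svg",
               ".ico", ".woff", ".woff2", ".ttf", ".eot"}
THRESHOLD = 0.8  # assumed cut-off for "similar name"

def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()

def find_lookalikes(resource_dir):
    """Flag non-static files named like a static asset in the same folder.
    Returns sorted (suspect_relative_path, resembles, score) tuples."""
    hits = []
    for root, _dirs, files in os.walk(resource_dir):
        static, other = [], []
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            (static if ext in STATIC_EXTS else other).append((name, stem))
        for name, stem in other:
            # Compare against both "logo" and "logo.png" so that a double
            # extension such as "logo.png.<ext>" is caught as well.
            scored = [(max(similarity(stem, s_stem),
                           similarity(stem, s_name.lower())), s_name)
                      for s_name, s_stem in static]
            if not scored:
                continue
            score, match = max(scored)
            if score >= THRESHOLD:
                rel = os.path.relpath(root, resource_dir)
                hits.append((os.path.join(rel, name), match, round(score, 2)))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample layout; '.xyz' is a placeholder extension."""
    layout = {"css": ["bootstrap.min.css", "bootstrap.min.xyz", "readme.txt"],
              "fonts": ["glyphicons.woff", "glyphicon.xyz"],
              "img": ["logo.png", "logo.png.xyz", "banner.jpg"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for suspect, resembles, score in find_lookalikes(tmp):
            print(f"{suspect}  looks like  {resembles}  ({score})")
```

A hit is a lead for review, not a verdict: confirm against the application's deployment manifest or a known-good build before treating the file as malicious.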


News URL

https://threatpost.com/elephant-beetle-months-networks-financial/177393/