
‘Elephant Beetle’ spends months in victim networks to divert transactions
2022-01-05 13:00

The actors inject fraudulent transactions into the network and steal small amounts over long periods, leading to an overall theft of millions of dollars.

The actors need to conduct long-term surveillance and research, so their next primary goal is to remain undetected for several months.

"The Elephant Beetle thieves will also try and literally overwrite non-threatening files, as they slowly prepare for the true attack," details the Sygnia report.

After the first web server has been compromised, the threat actor uses a custom Java scanner that fetches a list of IP addresses for a specific port or HTTP interface.
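A compromised web server sweeping the internal network for one port leaves a distinctive trace in flow or firewall logs: a single source reaching many distinct destinations on the same port in a short time. The following detector is an added example written for this article, not code from Sygnia or BleepingComputer; the flow-record layout, the sample records and the threshold (eight distinct targets within five minutes) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (assumed layout, not a real product's format):
# one internal host (10.0.5.20) sweeps port 8080 across twelve servers in about
# half a minute, while 10.0.9.4 only talks to two servers on port 443.
SAMPLE_FLOWS = """\
2022-01-05T10:00:01Z src=10.0.5.20 dst=10.0.7.10 dport=8080 proto=tcp
2022-01-05T10:00:02Z src=10.0.5.20 dst=10.0.7.11 dport=8080 proto=tcp
2022-01-05T10:00:03Z src=10.0.9.4 dst=10.0.7.50 dport=443 proto=tcp
2022-01-05T10:00:04Z src=10.0.5.20 dst=10.0.7.12 dport=8080 proto=tcp
2022-01-05T10:00:05Z src=10.0.5.20 dst=10.0.7.13 dport=8080 proto=tcp
2022-01-05T10:00:07Z src=10.0.5.20 dst=10.0.7.14 dport=8080 proto=tcp
2022-01-05T10:00:09Z src=10.0.5.20 dst=10.0.7.15 dport=8080 proto=tcp
2022-01-05T10:00:12Z src=10.0.5.20 dst=10.0.7.16 dport=8080 proto=tcp
2022-01-05T10:00:15Z src=10.0.5.20 dst=10.0.7.17 dport=8080 proto=tcp
2022-01-05T10:00:18Z src=10.0.5.20 dst=10.0.7.18 dport=8080 proto=tcp
2022-01-05T10:00:22Z src=10.0.5.20 dst=10.0.7.19 dport=8080 proto=tcp
2022-01-05T10:00:25Z src=10.0.5.20 dst=10.0.7.20 dport=8080 proto=tcp
2022-01-05T10:00:31Z src=10.0.5.20 dst=10.0.7.21 dport=8080 proto=tcp
2022-01-05T10:00:40Z src=10.0.9.4 dst=10.0.7.51 dport=443 proto=tcp
2022-01-05T10:01:10Z src=10.0.9.4 dst=10.0.7.50 dport=443 proto=tcp
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_flows(text):
    """Parse flow records into (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FLOW_RE.match(line)
        if not m:
            continue  # a bad record should not crash the detector
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        flows.append((ts, m["src"], m["dst"], int(m["dport"])))
    return flows


def detect_port_sweeps(flows, min_targets=8, window=timedelta(minutes=5)):
    """Flag (src, dport) pairs that reach >= min_targets distinct destinations within `window`.

    A sliding window over time-ordered events keeps a count of each destination
    currently inside the window, so the distinct-target count is exact and only
    events older than `window` are evicted.
    """
    by_key = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_key[(src, dport)].append((ts, dst))

    findings = []
    for (src, dport), events in by_key.items():
        events.sort()
        in_window = defaultdict(int)  # destination -> number of events inside the window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[left][0] > window:  # evict events that fell out of the window
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            if len(in_window) >= min_targets:
                findings.append({
                    "src": src,
                    "dport": dport,
                    "distinct_targets": len(in_window),
                    "first": events[left][0].isoformat(),
                    "last": ts.isoformat(),
                })
                break  # one finding per (src, dport) pair is enough to alert on
    return findings


if __name__ == "__main__":
    for f in detect_port_sweeps(parse_flows(SAMPLE_FLOWS)):
        print(f"sweep: {f['src']} -> {f['distinct_targets']} hosts on tcp/{f['dport']} "
              f"between {f['first']} and {f['last']}")
```

The threshold and window are tuning knobs: an internal web or application server normally has a small, stable set of backend peers, so even a low distinct-target count on a single port from such a host is worth an alert, whereas a vulnerability scanner or monitoring host needs an explicit allowlist.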

Having identified potential internal server pivoting points, the actors use compromised credentials or RCE flaws to spread laterally to other devices in the network.

"The threat group moves laterally within the network mainly through web application servers and SQL servers, leveraging known techniques such as Windows APIs and 'xp_cmdshell', combined with custom remote execution volatile backdoors." - Sygnia.
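On the SQL Server side, the tell-tale sequence is an application service account turning on `xp_cmdshell` through `sp_configure` and then executing it shortly afterwards. The detector below is an added example written for this article, not code from Sygnia or BleepingComputer; the audit-record layout, the sample records, the list of application logins and the ten-minute pairing window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed SQL Server audit records (assumed layout, not a real product's
# format). An application login enables xp_cmdshell and runs it; a DBA later
# turns it back off; the remaining statements are ordinary queries.
SAMPLE_AUDIT = """\
2022-01-05T11:00:02Z server=SQL01 login=app_svc client=10.0.5.20 stmt="SELECT TOP 10 * FROM dbo.Payments WHERE status = 'pending'"
2022-01-05T11:02:10Z server=SQL01 login=app_svc client=10.0.5.20 stmt="EXEC sp_configure 'show advanced options', 1; RECONFIGURE"
2022-01-05T11:02:11Z server=SQL01 login=app_svc client=10.0.5.20 stmt="EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE"
2022-01-05T11:02:15Z server=SQL01 login=app_svc client=10.0.5.20 stmt="EXEC master..xp_cmdshell 'hostname'"
2022-01-05T11:05:00Z server=SQL01 login=dba_jsmith client=10.0.1.15 stmt="EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE"
2022-01-05T11:06:30Z server=SQL01 login=report_ro client=10.0.9.4 stmt="SELECT COUNT(*) FROM dbo.Invoices"
"""

# Constructed allowlist: logins used by web applications, which have no
# legitimate reason to change server configuration or run OS commands.
APP_LOGINS = {"app_svc", "report_ro"}

AUDIT_RE = re.compile(
    r'^(?P<ts>\S+) server=(?P<server>\S+) login=(?P<login>\S+) client=(?P<client>\S+) stmt="(?P<stmt>.*)"$'
)
# sp_configure 'xp_cmdshell', 1  -> enable ; ..., 0 -> disable
ENABLE_RE = re.compile(r"sp_configure\s+'xp_cmdshell'\s*,\s*(?P<value>[01])", re.IGNORECASE)
# any other reference, e.g. EXEC master..xp_cmdshell '...'
EXEC_RE = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)


def classify(stmt):
    """Return the finding kind for one statement, or None if it is not xp_cmdshell related."""
    m = ENABLE_RE.search(stmt)
    if m:
        return "xp_cmdshell_enabled" if m["value"] == "1" else "xp_cmdshell_disabled"
    if EXEC_RE.search(stmt):
        return "xp_cmdshell_executed"
    return None


def scan_audit(text, app_logins=APP_LOGINS):
    """Parse audit records and return xp_cmdshell findings in log order."""
    findings = []
    for line in text.splitlines():
        m = AUDIT_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed records
        kind = classify(m["stmt"])
        if kind is None:
            continue
        findings.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "server": m["server"],
            "login": m["login"],
            "client": m["client"],
            "kind": kind,
            # an application login doing this is the strongest signal
            "from_app_account": m["login"] in app_logins,
        })
    return findings


def enable_then_exec(findings, window=timedelta(minutes=10)):
    """Pair each enable event with a later execution on the same server within `window`."""
    chains = []
    for e in (f for f in findings if f["kind"] == "xp_cmdshell_enabled"):
        for f in findings:
            if (f["kind"] == "xp_cmdshell_executed" and f["server"] == e["server"]
                    and e["ts"] <= f["ts"] <= e["ts"] + window):
                chains.append((e["server"], f["login"]))
                break
    return chains


if __name__ == "__main__":
    found = scan_audit(SAMPLE_AUDIT)
    for f in found:
        flag = " [APP ACCOUNT]" if f["from_app_account"] else ""
        print(f"{f['ts'].isoformat()} {f['server']} {f['login']}@{f['client']} {f['kind']}{flag}")
    for server, login in enable_then_exec(found):
        print(f"enable-then-execute chain on {server} by {login}")
```

The disable event is kept as an informational finding on purpose: a DBA turning `xp_cmdshell` off is the expected end state, but the enable/execute pair from an application login minutes earlier is what needs investigating. In practice the same logic runs over SQL Server Audit or Extended Events output rather than the constructed lines above.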


News URL

https://www.bleepingcomputer.com/news/security/elephant-beetle-spends-months-in-victim-networks-to-divert-transactions/