
Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation
2022-01-05 20:15

Cybersecurity researchers have taken the wraps off an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years.

The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and retail companies by injecting fraudulent transactions among benign activity to slip under the radar after an extensive study of the targets' financial structures.

"The attack is relentless in its ingenious simplicity serving as an ideal tactic to hide in plain sight, without any need to develop exploits," the researchers said in a report shared with The Hacker News, calling out the group's overlaps with another tracked by Mandiant as FIN13, an "Industrious" threat actor linked to data theft and ransomware attacks in Mexico stretching back as early as 2016.

"The unique modus operandi associated with the Elephant Beetle is their deep research and knowledge of victim's financial systems and operations and their persistent search for vulnerable methods to technically inject financial transactions, ultimately leading to major financial theft," Arie Zilberstein, vice president of incident response at Sygnia, told The Hacker News.

Zilberstein attributed the success of the campaign to the vast attack surface provided by legacy systems that are present in financial institutions' networks and can serve as entry points, thereby enabling attackers to gain a permanent foothold in target networks.

The adversary's modus operandi follows a low-profile pattern that begins with planting backdoors to study the victim's environment, specifically with the aim of understanding the various processes used to facilitate financial transactions, followed by inserting rogue transactions of its own into the network that steal incremental amounts of money from the target to avoid setting off alarms.
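The pattern described above, small fraudulent transactions mixed in with legitimate ones so that no single payment trips an amount-based alert, is what a transaction-monitoring rule would have to look for. The following is an added illustration of one such rule; it is not code from the Sygnia report or the article, and the ledger format, the account and beneficiary names, and the thresholds (a 30-day baseline window, "small" meaning at most 10% of the account's median baseline payment, and at least three repeats) are all constructed assumptions. The idea is to flag beneficiaries that are new for an account and receive repeated low-value payments after the baseline period, which is the shape of "incremental" theft rather than a single large transfer.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample ledger: (timestamp, source_account, beneficiary, amount).
# The November rows form a benign baseline; the NEW-BENEF-X rows model small,
# recurring payments to a beneficiary the account has never paid before.
SAMPLE_LEDGER = [
    ("2021-11-01 09:00", "ACC-100", "SUPPLIER-A", 12500.00),
    ("2021-11-03 10:30", "ACC-100", "SUPPLIER-B", 8200.00),
    ("2021-11-10 09:15", "ACC-100", "SUPPLIER-A", 12500.00),
    ("2021-11-17 11:00", "ACC-100", "PAYROLL", 45000.00),
    ("2021-11-24 09:05", "ACC-100", "SUPPLIER-B", 8300.00),
    ("2021-12-02 14:20", "ACC-100", "NEW-BENEF-X", 310.00),
    ("2021-12-06 14:22", "ACC-100", "NEW-BENEF-X", 295.00),
    ("2021-12-09 14:19", "ACC-100", "NEW-BENEF-X", 320.00),
    ("2021-12-10 09:00", "ACC-100", "SUPPLIER-A", 12500.00),
    ("2021-12-13 14:21", "ACC-100", "NEW-BENEF-X", 305.00),
    ("2021-12-15 16:00", "ACC-100", "ONE-OFF-VENDOR", 2100.00),
]


def parse_ledger(ledger):
    """Convert the string timestamps into datetimes so rows can be ordered."""
    return [
        (datetime.strptime(ts, "%Y-%m-%d %H:%M"), acc, ben, amt)
        for ts, acc, ben, amt in ledger
    ]


def find_injected_candidates(ledger, baseline_days=30, small_ratio=0.1, min_repeats=3):
    """Flag (account, beneficiary) pairs that look like injected low-value payments.

    A candidate is a beneficiary not seen for the account during the baseline
    window, paid repeatedly afterwards with amounts far below the account's
    typical (median) baseline payment. Thresholds are illustrative assumptions.
    """
    rows = sorted(parse_ledger(ledger))
    cutoff = rows[0][0] + timedelta(days=baseline_days)

    known = defaultdict(set)      # account -> beneficiaries seen in the baseline
    amounts = defaultdict(list)   # account -> baseline amounts for the median
    for ts, acc, ben, amt in rows:
        if ts < cutoff:
            known[acc].add(ben)
            amounts[acc].append(amt)

    hits = defaultdict(list)      # (account, beneficiary) -> suspicious amounts
    for ts, acc, ben, amt in rows:
        if ts < cutoff or ben in known[acc]:
            continue
        typical = median(amounts[acc]) if amounts[acc] else 0.0
        if typical and amt <= small_ratio * typical:
            hits[(acc, ben)].append(amt)

    # Only repeated payments count; a single small payment to a new vendor is
    # ordinary business and would flood analysts with noise.
    return {pair: amts for pair, amts in hits.items() if len(amts) >= min_repeats}


if __name__ == "__main__":
    for (acc, ben), amts in find_injected_candidates(SAMPLE_LEDGER).items():
        print(f"{acc} -> {ben}: {len(amts)} small payments, total {sum(amts):.2f}")
```

Run against the constructed ledger, the rule flags only ACC-100's payments to NEW-BENEF-X: SUPPLIER-A is a known beneficiary, and ONE-OFF-VENDOR is new but its single payment is neither small nor repeated. In a real deployment the baseline would be rebuilt per account from historical data, and the thresholds tuned against the institution's own payment profile, since an attacker who has studied those profiles, as the article says this group does, will size each transaction to sit inside whatever "normal" looks like.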


News URL

https://thehackernews.com/2022/01/researchers-uncover-hacker-group-behind.html