Israeli cybersecurity firm Sygnia uncovers financial fraud operation

The cyber-thieves, dubbed “Elephant Beetle,” inject malware into a victim's financial systems that creates fraudulent small-sum transactions, which have added up to millions in stolen funds.

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. Picture taken December 27, 2014. (photo credit: REUTERS/DADO RUVIC/FILE PHOTO)

Leading Israeli cybersecurity firm Sygnia announced on Wednesday that it has discovered a financial fraud group that has been targeting global enterprises.

The cyber-thieves, dubbed “Elephant Beetle,” are primarily active in South America, though Sygnia warns they could expand attacks to organizations worldwide, as experts have already discovered a breach in the Latin American branch of a US-based company.

“Elephant Beetle is a significant threat due to its highly organized nature and the stealthy pattern with which it intelligently learns victims’ internal financial systems and operations,” said Arie Zilberstein, VP of Incident Response at Sygnia.

Arie Zilberstein, Sygnia's VP of Incident Response. (credit: Courtesy)

The team has been methodically tracking the Elephant Beetle threat group over the last two years. After review, they discovered that the group primarily targets older Java applications running on Linux-based machines, then uses an arsenal of more than 80 unique tools and scripts to study a compromised organization’s internal financial systems.

After deeply studying and understanding their victims’ financial systems, the Elephant Beetle hackers inject malware that creates fraudulent small-sum transactions – hidden among regular activity – that ultimately steal millions of dollars over time. The relatively small amounts of money stolen in each transaction allow the group to avert suspicion and operate virtually undetected.

“Even after initial detection, our experts have found that Elephant Beetle is able to lay low, but remain deeply embedded in a compromised organization’s infrastructures, enabling it to reactivate and continue stealing funds at any moment,” Zilberstein said.

“Particularly in the wake of widespread vulnerabilities like Log4j that are dominating the industry conversation, organizations need to be apprised of this latest threat group and ensure their systems are prepared to prevent an attack.”