2022-01-05

Elephant Beetle


Industry: Commerce & Finance | Level: Tactical | Source: Sygnia

Sygnia’s Incident Response (IR) team has been tracking the financially motivated threat actor group "Elephant Beetle" for the past two years. The group's campaigns have largely targeted commerce and financial entities in Latin America and the US. The group uses a large arsenal of tools and scripts, with over 80 observed. Initial access has largely been obtained through vulnerable, unpatched systems. The group takes a slow, methodical approach to its breaches, with attack phases spanning months; the first phase takes a month, during which the group surveys the environment and customizes its tools for it. In subsequent months, internal reconnaissance continues with the objective of understanding the compromised organization's financial transaction process and initiating a transaction that mimics legitimate behavior.

Anvilogic Use Cases:

  • Potential Web Shell
  • Web Application File Upload
  • Tunneling Process Created
  • Wscript/Cscript Execution
  • WinRM Tools
  • PowerShell: SMBExec Script
