2022-01-05

Elephant Beetle

Level: Tactical | Source: Sygnia | Commerce & Finance

Sygnia’s Incident Response (IR) team has been tracking the financially motivated threat actor group "Elephant Beetle" for the past two years. Its campaigns have largely targeted commerce and financial entities in Latin America and the US. The group uses a large arsenal of tools and scripts, with over 80 observed. Initial access has largely been obtained through vulnerable, unpatched systems. The group takes a slow, methodical approach to its breaches, with attack phases spanning months; the first phase takes a month to survey the environment and customize tools for it. In subsequent months, internal reconnaissance continues with the objective of understanding the compromised organization's financial transaction process and initiating a transaction that mimics legitimate behavior.

     
