Bad Actor Known as 'Elephant Beetle' Steals Millions from Victims

A bad actor known as 'Elephant Beetle' is reportedly stealing millions from organizations around the world, according to the Sygnia Incident Response team.


What's most fascinating about this bad actor is the rolodex of tools and scripts they are utilizing -- over 80 have been reported.


Their approach is also unique, with the bad actor injecting fraudulent transactions and stealing small amounts from organizations over long periods of time. The group is actively targeting legacy Java applications on Linux systems.


Juan Pablo Perez-Etchegoyen, CTO at Onapsis, weighed in on this threat actor and their reported techniques:


“This research [by Sygnia] further confirms that threat actors understand SAP applications and that they are leveraging SAP-specific exploits and techniques to compromise companies with the ultimate goal of exfiltrating data and performing financial fraud.”

“Some of the vulnerabilities identified by the Sygnia research team were highlighted by CISA in 2016, through the technical alert TA16-132A, due to the vast exploitation and compromise of internet-facing SAP applications performed by diverse threat actors. This was followed by four other CISA technical and current activity alerts in the successive years.”

“Given this research published by Sygnia, combined with some of the latest threat intelligence provided by SAP and Onapsis, it is of utmost importance for organizations to strengthen their SAP security processes, incorporating SAP within their vulnerability management and incident response processes to make it harder for threat actors to perform that initial compromise.”

