This sneaky hacking group targets old Java applications to break into networks

A highly organised and stealthy cyber-criminal operation is stealing millions of dollars from financial organisations in attacks that have been active for at least two years. 

The campaign has been detailed by researchers at Israeli cybersecurity company Sygnia, who have dubbed the organised financial theft operation behind the attacks ‘Elephant Beetle’.

These attacks are predominantly focused on financial organisations in Latin America, although researchers warned that the campaign could shift towards targets in other parts of the world. Researchers note that one of the breaches they uncovered when analysing Elephant Beetle campaigns was against the Latin American arm of an undisclosed US-based company. 

Elephant Beetle campaigns take place over a long period, with those behind the attacks taking time to examine the financial systems of compromised victims in order to create fraudulent transactions hidden among regular activity, which add up to millions of dollars being stolen.

The attackers gain entry by targeting legacy Java applications running on Linux-based machines and web servers. The legacy nature of these systems means they’re likely to contain unpatched vulnerabilities that can be exploited.

Among these vulnerabilities are Primefaces Application Expression Language

Read More: https://www.zdnet.com/article/this-sneaky-hacking-group-targets-old-java-applications-to-break-into-networks/#ftag=RSSbaffb68