The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
https://threatpost.com/spyware-blitzes-compromise-cannibalize-ics-networks/177851/
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
https://threatpost.com/elephant-beetle-months-networks-financial/177393/