A new hacking group known as "Mysterious Elephant" was discovered operating in the Asia-Pacific region earlier this year by Kaspersky's Global Research and Analysis Team (GReAT).
The group primarily targets government agencies and multinational organisations in the region. Its targets include Bangladesh, Pakistan, Afghanistan, Nepal, Sri Lanka, and a number of other nearby nations.
These cyberattacks aim to steal sensitive and critical data, including archive files, office documents, and photos. The group has also attempted to steal WhatsApp information, says Kaspersky.
In its 2025 cyberattacks, "Mysterious Elephant" has significantly altered its approach. For targeted attacks, the group is now using both its own tools and open-source tools.
Using PowerShell scripts, "Mysterious Elephant" has been able to keep permanent control of a system by delivering malware, executing commands, and using genuine software.
"Babshell," one of the hacker group's key tools, acts as a reverse shell, allowing them to gain immediate access to the system and gather crucial data.
The hackers use the "MemLoader" and "HiddenDesk" modules to carry out attacks in a way that lets their malware operate discreetly in the storage device and evade detection by security software.
The campaign also involves the theft of WhatsApp data: the group uses specialised modules to gather shared documents, files, and photos.
According to Noushin Shabab, head security researcher at Kaspersky's GReAT team, this hacking group's multiple infrastructures are being hacked in order to enable covert operations and prevent easy destruction. Cloud hosting, VPS, wildcard DNS records, and multiple domains and IP addresses are all being used. The "wildcard DNS record," in particular, enables the hacker collective to generate new subdomains for every request, expanding the scope of their activities and making it more challenging for security teams to follow them.
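A defender can look for the wildcard DNS pattern described above in resolver logs: a parent domain where almost every query uses a subdomain never seen before. The following is an added example, not code from Kaspersky or from this article; the log format, the `.example` domain names and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed resolver log lines: "<time> <client> <queried name>".
# Every name is under the reserved .example TLD; none is a real indicator.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 www.intranet.example
09:00:02 10.0.0.5 mail.intranet.example
09:00:04 10.0.0.7 www.intranet.example
09:00:09 10.0.0.9 k3f9a.updates-sync.example
09:01:12 10.0.0.9 q81zt.updates-sync.example
09:02:15 10.0.0.9 m0x2c.updates-sync.example
09:03:11 10.0.0.9 z7pl4.updates-sync.example
09:04:18 10.0.0.9 b5w8e.updates-sync.example
09:04:30 10.0.0.7 mail.intranet.example
09:05:02 10.0.0.7 www.intranet.example
"""

def base_domain(qname):
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def single_use_subdomains(log_text, min_labels=4, min_ratio=0.9):
    """Return {base domain: (queries, distinct subdomains)} for domains where
    nearly every query carries a subdomain that has not been seen before."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        base, sub = base_domain(parts[2])
        if sub:
            seen[base].append(sub)
    flagged = {}
    for base, subs in seen.items():
        distinct = len(set(subs))
        if distinct >= min_labels and distinct / len(subs) >= min_ratio:
            flagged[base] = (len(subs), distinct)
    return flagged

if __name__ == "__main__":
    for base, (total, distinct) in single_use_subdomains(SAMPLE_LOG).items():
        print(f"{base}: {distinct} distinct subdomains in {total} queries")
```

Legitimate services can show the same pattern, so a flagged domain is a lead for review, not a verdict.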
Kaspersky has suggested that users make use of a number of services to enhance their cybersecurity. In this context, the vendor mentions Compromise Assessment, Managed Detection and Response, Incident Response, Kaspersky Threat Intelligence, and Kaspersky Next.