Sunday, 5th April 2026

Hacker Group ‘Mysterious Elephant’ Targets Bangladesh and Neighbouring Nations

Khabor Wala Desk

Published: 20th October 2025, 12:04 PM

A newly identified hacker group known as ‘Mysterious Elephant’ has been actively operating across the Asia-Pacific region since the beginning of this year, according to Kaspersky’s Global Research and Analysis Team (GReAT).

Kaspersky reports that the group primarily targets government agencies and foreign affairs-related organisations, aiming to steal sensitive and classified information, including official documents, images, and archived files. Among its confirmed targets are Bangladesh, Pakistan, Afghanistan, Nepal, Sri Lanka, and several neighbouring countries.

Scope and Intent of Attacks

| Aspect | Details |
|---|---|
| Primary Targets | Government and diplomatic institutions |
| Targeted Regions | Bangladesh, Pakistan, Afghanistan, Nepal, Sri Lanka, others |
| Objectives | Theft of sensitive data (documents, archives, photos) |
| Additional Focus | Attempts to steal WhatsApp information and user data |

Kaspersky has further revealed that the attackers are attempting to exfiltrate WhatsApp files, shared media, and documents, reflecting an expansion of their data-harvesting efforts beyond traditional systems.

In its 2025 cyber campaign, Mysterious Elephant has significantly refined and diversified its attack methods. The group now uses a combination of custom-built malware and open-source tools for conducting targeted cyber intrusions.

Their operations rely heavily on PowerShell scripts to execute commands, deploy malware, and maintain persistent access through legitimate software — a tactic designed to evade detection.

Key Malware Tools Used by Mysterious Elephant

| Tool | Function |
|---|---|
| Babshell | Acts as a reverse shell enabling direct system access and data exfiltration. |
| Memloader | Loads malicious code into memory, avoiding file-based detection. |
| HiddenDesk | Conceals malware activity in system memory to bypass security software. |

These tools allow the hackers to perform covert operations, ensuring their presence remains undetected by most standard antivirus defences.

According to Noushin Shabbab, Principal Security Researcher at Kaspersky GReAT, the group has built a highly resilient and discreet operational infrastructure.

“Mysterious Elephant’s framework is designed to remain hidden and resist takedown efforts. They employ multiple domains, wildcard DNS records, VPS services, and cloud hosting to diversify and obscure their network,” said Shabbab.

A particularly concerning tactic is the use of wildcard DNS records, which enables the automatic generation of new subdomains for every connection request — making tracking and blocking their operations exceedingly difficult for cybersecurity teams.
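As an added illustration (not code from the Kaspersky report or this article), the check a defender can run to tell whether a domain is backed by a wildcard record, and why that changes what gets blocked. The zone data, domain names and addresses below are constructed; a real check would query a live resolver instead of the toy one.

```python
import random
import string
from ipaddress import ip_address
from typing import Callable, Dict, Optional

# Constructed toy zone (not from the report): one exact record plus a wildcard
# record, and a second zone with no wildcard for comparison.
CONSTRUCTED_ZONE: Dict[str, str] = {
    "mail.suspect-c2.example": "203.0.113.10",
    "*.suspect-c2.example": "203.0.113.77",  # any other label under the zone lands here
    "www.legit.example": "198.51.100.5",     # legit.example has no wildcard
}


def toy_resolve(fqdn: str) -> Optional[str]:
    """Resolve against the constructed zone: exact record first, then a wildcard."""
    if fqdn in CONSTRUCTED_ZONE:
        return CONSTRUCTED_ZONE[fqdn]
    parent = fqdn.split(".", 1)[1] if "." in fqdn else ""
    return CONSTRUCTED_ZONE.get(f"*.{parent}")


def random_label(length: int = 12) -> str:
    """A label nobody would have registered on purpose, used as a wildcard probe."""
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=length))


def has_wildcard(domain: str, resolve: Callable[[str], Optional[str]] = toy_resolve,
                 probes: int = 3) -> Optional[str]:
    """Return the wildcard answer if several random labels under `domain` all
    resolve to the same address, otherwise None (no wildcard)."""
    answers = {resolve(f"{random_label()}.{domain}") for _ in range(probes)}
    if len(answers) == 1:
        (addr,) = answers
        if addr is not None:
            ip_address(addr)  # raises if the answer is not a real IP address
            return addr
    return None


def block_scope(domain: str, resolve: Callable[[str], Optional[str]] = toy_resolve) -> str:
    """A wildcard zone must be blocked at the parent domain: per-subdomain
    indicators are regenerated for every connection and never repeat."""
    return f"*.{domain}" if has_wildcard(domain, resolve) else "observed FQDNs only"
```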

Kaspersky has urged users and institutions to strengthen their cybersecurity measures to combat such advanced threats. The company recommends the adoption of its enhanced security solutions, including:

| Recommended Kaspersky Solution | Purpose |
|---|---|
| Kaspersky Next | Comprehensive cybersecurity platform for enterprises |
| Compromise Assessment | Identifies ongoing or past breaches within networks |
| Managed Detection and Response (MDR) | Real-time threat monitoring and defence |
| Incident Response | Immediate containment and investigation of cyber incidents |
| Threat Intelligence | Provides up-to-date insights on evolving global threats |

The discovery of Mysterious Elephant highlights a growing trend of state-level or state-sponsored cyber espionage in South Asia, with Bangladesh emerging as one of the primary targets in this sophisticated regional campaign.