Hacker Group ‘Mysterious Elephant’ Targets Bangladesh and Neighbouring Nations

A newly identified hacker group known as ‘Mysterious Elephant’ has been actively operating across the Asia-Pacific region since the beginning of this year, according to Kaspersky’s Global Research and Analysis Team (GReAT).

Kaspersky reports that the group primarily targets government agencies and foreign affairs-related organisations, aiming to steal sensitive and classified information, including official documents, images, and archived files. Among its confirmed targets are Bangladesh, Pakistan, Afghanistan, Nepal, Sri Lanka, and several neighbouring countries.

Scope and Intent of Attacks

Kaspersky has further revealed that the attackers are attempting to exfiltrate WhatsApp files, shared media, and documents, reflecting an expansion of their data-harvesting efforts beyond traditional systems.

In its 2025 cyber campaign, Mysterious Elephant has significantly refined and diversified its attack methods. The group now uses a combination of custom-built malware and open-source tools for conducting targeted cyber intrusions.

Their operations rely heavily on PowerShell scripts to execute commands, deploy malware, and maintain persistent access through legitimate software — a tactic designed to evade detection.

These tools allow the hackers to perform covert operations, ensuring their presence remains undetected by most standard antivirus defences.

According to Noushin Shabbab, Principal Security Researcher at Kaspersky GReAT, the group has built a highly resilient and discreet operational infrastructure.

“Mysterious Elephant’s framework is designed to remain hidden and resist takedown efforts. They employ multiple domains, wildcard DNS records, VPS services, and cloud hosting to diversify and obscure their network,” said Shabbab.

A particularly concerning tactic is the use of wildcard DNS records, which enables the automatic generation of new subdomains for every connection request — making tracking and blocking their operations exceedingly difficult for cybersecurity teams.

Kaspersky has urged users and institutions to strengthen their cybersecurity measures to combat such advanced threats. The company recommends the adoption of its enhanced security solutions, including:

The discovery of Mysterious Elephant highlights a growing trend of state-level or state-sponsored cyber espionage in South Asia, with Bangladesh emerging as one of the primary targets in this sophisticated regional campaign.