‘Mysterious Elephant’ targets Bangladesh, five other countries in cyber-espionage campaign
Daily Sun Report, Dhaka
Published: 19 Oct 2025
A hacker group known as “Mysterious Elephant” has launched a new cyber-espionage campaign across the Asia-Pacific region, targeting several government and foreign affairs institutions, according to Kaspersky’s Global Research and Analysis Team (GReAT).
In a press release issued on Sunday, Kaspersky revealed that the group has carried out cyberattacks in six countries, including Bangladesh, Pakistan, Afghanistan, Nepal, and Sri Lanka, as well as several neighbouring states.
The hackers are reportedly stealing sensitive information, such as government documents, images, archived files, and even WhatsApp data.
According to the statement, “Mysterious Elephant” has significantly evolved its tactics, now using not only custom-built tools but also open-source software and PowerShell scripts.
These tools enable the attackers to install malware, execute commands, and maintain persistent access to targeted systems through legitimate software.
The group’s main toolkit includes a reverse shell known as “BabShell”, which allows direct access to infected systems for data collection. It also uses two additional modules — “MemLoader” and “HiddenDesk” — to operate stealthily in memory, avoiding detection by security software.
Kaspersky noted that the hackers are particularly focused on extracting WhatsApp data, images, and confidential documents through specially designed modules.
Noushin Shabab, principal security researcher at Kaspersky’s GReAT, said that the group’s infrastructure is designed to operate covertly and resist disruption.
“They use multiple domains and IP addresses, wildcard DNS records, virtual private servers (VPS), and cloud hosting,” she explained. “The use of wildcard DNS allows them to create new subdomains for each request, which helps them expand operations quickly and makes it extremely difficult for security analysts to track their activity.”
Established in 2008, Kaspersky’s Global Research and Analysis Team (GReAT) serves as the company’s core research division, specialising in the identification and analysis of APT attacks, cyber-espionage operations, ransomware, and underground criminal networks worldwide.