Bangladesh among targets in ‘Mysterious Elephant’ cyberespionage campaign
Kaspersky, the cybersecurity firm, has reported a new wave of cyberespionage activity by a hacking group known as "Mysterious Elephant", targeting government and foreign affairs entities across the Asia-Pacific region, including Bangladesh.
According to a press release from Kaspersky's Global Research and Analysis Team (GReAT), the campaign, active in early 2025, also targeted Pakistan, Afghanistan, Nepal and Sri Lanka. The attackers aimed to steal highly sensitive data such as official documents, archived files and images, and also focused on exfiltrating WhatsApp data, including shared files and photos.
The group's latest campaign represents a major evolution in its tactics, combining custom-built and open-source tools for targeted attacks. It uses PowerShell scripts to execute commands and deploy malware, and maintains persistence through legitimate system utilities. One of its key tools, "BabShell", provides direct access to compromised systems and can load encrypted payloads directly into memory, so that the decrypted code need not be written to disk, to evade detection, according to Kaspersky.
Noushin Shabab, lead security researcher at Kaspersky GReAT, urged organisations in the region to strengthen their defences and to share intelligence to counter sophisticated threats like Mysterious Elephant.

"The threat actor's infrastructure is built for stealth and resilience, using a network of domains and IP addresses, wildcard DNS records, VPSs, and cloud hosting," Shabab said. "The wildcard DNS records allow the group to generate unique subdomains for each request, scale operations quickly, and make tracking by security teams difficult."
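The wildcard-DNS pattern Shabab describes leaves a footprint that defenders can hunt for in their own resolver or passive-DNS logs: one registrable domain receives lookups for many never-repeated subdomains, and every one of them resolves to the same small set of addresses. The script below is an added example written for this article, not code from Kaspersky's report, and it uses no indicator from the actual campaign; the log lines, domain names and IP addresses are constructed (using reserved documentation ranges), the log format is an assumed "timestamp client qname type answer" layout, and the thresholds (five distinct subdomains collapsing onto at most two answers) are illustrative choices a team would tune to its own traffic.

```python
"""Heuristic hunt for wildcard-DNS style infrastructure in resolver logs.

Flags registrable domains that receive many distinct subdomain lookups
which all resolve to the same small set of addresses: the shape a
wildcard record produces when an implant generates a unique subdomain
per request. All sample data below is constructed for this example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of resolver log lines (assumed layout:
# "<timestamp> <client> <qname> <rtype> <answer>").
SAMPLE_LOG = """\
2025-03-01T09:00:01Z 10.0.0.5 a1f9c.update-svc.example A 203.0.113.10
2025-03-01T09:00:07Z 10.0.0.5 7b3e0.update-svc.example A 203.0.113.10
2025-03-01T09:00:13Z 10.0.0.5 c44d2.update-svc.example A 203.0.113.10
2025-03-01T09:00:19Z 10.0.0.5 e9a17.update-svc.example A 203.0.113.10
2025-03-01T09:00:25Z 10.0.0.5 0f6b8.update-svc.example A 203.0.113.10
2025-03-01T09:00:31Z 10.0.0.7 www.corp-portal.example A 198.51.100.20
2025-03-01T09:00:32Z 10.0.0.7 mail.corp-portal.example A 198.51.100.21
2025-03-01T09:00:33Z 10.0.0.7 www.corp-portal.example A 198.51.100.20
2025-03-01T09:00:40Z 10.0.0.9 cdn.static-assets.example A 192.0.2.30
"""


@dataclass
class DomainProfile:
    """Per-registrable-domain aggregate of what was asked and what came back."""
    qnames: set[str] = field(default_factory=set)   # distinct names queried
    answers: set[str] = field(default_factory=set)  # distinct addresses returned
    queries: int = 0                                # total lookups seen


def registrable_domain(qname: str) -> str:
    """Naive registrable domain: the last two labels.

    A production version should use the Public Suffix List so that names
    such as "host.example.co.uk" are grouped correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text: str) -> list[tuple[str, str, str, str, str]]:
    """Split each non-empty log line into its five whitespace-separated fields."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, qname, rtype, answer = line.split()
        records.append((ts, client, qname, rtype, answer))
    return records


def profile_domains(records) -> dict[str, DomainProfile]:
    """Aggregate A/AAAA lookups by registrable domain."""
    profiles: dict[str, DomainProfile] = defaultdict(DomainProfile)
    for _ts, _client, qname, rtype, answer in records:
        if rtype not in ("A", "AAAA"):
            continue
        p = profiles[registrable_domain(qname)]
        p.qnames.add(qname.lower())
        p.answers.add(answer)
        p.queries += 1
    return dict(profiles)


def find_wildcard_candidates(records, min_subdomains: int = 5,
                             max_answers: int = 2) -> list[str]:
    """Return domains with high subdomain cardinality collapsing onto few answers.

    Thresholds are illustrative assumptions, not values from any report.
    """
    hits = []
    for domain, p in profile_domains(records).items():
        if len(p.qnames) >= min_subdomains and len(p.answers) <= max_answers:
            hits.append(domain)
    return sorted(hits)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for domain, p in profile_domains(recs).items():
        print(f"{domain}: {len(p.qnames)} distinct names -> "
              f"{len(p.answers)} distinct answers ({p.queries} queries)")
    print("wildcard candidates:", find_wildcard_candidates(recs))
```

The distinct-names-to-distinct-answers ratio is a triage signal, not a verdict: content delivery networks and some SaaS products also serve wildcard records legitimately, so a hit should be correlated with domain registration age, hosting provider and which internal hosts are making the lookups before anyone blocks it. An active confirmation (resolving a few random labels under the candidate domain and checking that they all answer identically) is deliberately left out here so the script runs offline and does not touch attacker infrastructure from an analyst workstation.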