Mysterious Elephant APT Steals Gov Data via WhatsApp

The Mysterious Elephant APT group is conducting a sophisticated cyber-espionage campaign targeting government and foreign policy agencies in the Asia-Pacific region. Attackers gain initial access through highly personalized spear-phishing emails, often with diplomatic themes, to deploy their malicious payloads. The group utilizes a custom toolkit, including the BabShell reverse shell and MemLoader modules, which execute malware in memory to evade detection. A primary objective is data exfiltration, with specialized tools designed to steal documents, images, and archives transmitted via WhatsApp and harvest browser data. Mysterious Elephant leverages a dynamic infrastructure with multiple VPS providers and wildcard DNS records, making their persistent and evolving threat difficult to track.

Latest mentioned: 10-16

Earliest mentioned: 10-15

Sources

gbhackers.com securelist.com

Also Read

Beast Ransomware Emerges as Major Cyber Threat

Beast ransomware, a sophisticated Ransomware-as-a-Service (RaaS) operation, has emerged as a significant cybersecurity threat. It employs aggressive network propagation tactics using SMB port scanning to infiltrate and encrypt systems across enterprise environments. The ransomware has targeted organizations worldwide since July 2025, affecting diverse sectors including manufacturing, healthcare, and education. It uses phishing campaigns and the Vidar Infostealer to gain initial access. The malware includes geofencing logic to exclude certain regions, suggesting connections to specific geographical areas. It utilizes the ChaCha20 algorithm for encryption and includes a hidden GUI for manual control. Organizations must prioritize preventive measures and early detection capabilities to defend against this threat.

10-29Read more →