CyberSum logo
Back

Mysterious Elephant APT Group Targets Government Agencies

Cyber Security News by CyberSum.net
2 sources
The Mysterious Elephant APT group has launched a sophisticated campaign targeting government and foreign policy agencies. The group uses custom-built malware and modified open-source utilities to siphon off sensitive data, including documents and images, from WhatsApp communications. The campaign, active since early 2025, employs spear phishing as the primary entry vector, with highly personalized emails invoking regional diplomatic themes. Once inside, the group deploys an arsenal of tools, including BabShell and MemLoader variants, to establish persistence and exfiltrate data. The group's infrastructure leverages wildcard DNS records and multiple VPS providers, complicating defensive tracking and attribution efforts.

Also Read

PassiveNeuron Cyberespionage Campaign Resurfaces with New Tactics

The PassiveNeuron cyberespionage campaign has re-emerged after a six-month hiatus, targeting government, financial, and industrial organizations with sophisticated malware. The campaign primarily exploits Microsoft SQL servers to gain initial access, leveraging vulnerabilities or brute-forcing credentials. Attackers deploy ASPX web shells and adapt their techniques to evade detection, using custom malware like Neursite and NeuralExecutor. The campaign's persistence and targeted nature highlight the need for robust SQL injection defenses and comprehensive web shell detection.

By Cyber Security News by CyberSum.net