Mysterious Elephant APT: TTPs and tools | Securelist
Mysterious Elephant, a highly active APT group discovered in 2023, targets government entities and foreign affairs sectors in the Asia-Pacific region. Its latest campaign, which began in early 2025, uses spear phishing, custom-made tools, and open-source tools like BabShell and MemLoader to gain access and exfiltrate sensitive data, including WhatsApp communications. The group’s infrastructure is a network of domains and IP addresses, which makes its activities challenging to track.