Earlier this year, Kaspersky’s Global Research and Analysis Team (GReAT) identified a campaign by the ‘Mysterious Elephant’ APT. The group mainly targets government entities as well as foreign affairs organizations across the APAC area, with a particular focus on Pakistan, Bangladesh, Afghanistan, Nepal, Sri Lanka and other nations.
According to the update from cybersecurity firm Kaspersky, the attackers aim to steal highly sensitive information, such as documents, images, and archived files, with WhatsApp data “targeted for exfiltration.”
The group’s campaign marks a shift in its TTPs: the attackers have transitioned to a combination of custom-built and open-source tools to achieve their goals.
The threat actor reportedly uses a combination of exploit kits, personalized spear-phishing emails, and malicious documents, “tailoring each attack to specific victims to gain initial access.”
Once inside the network, the threat actor employs a range of tools and techniques in order to escalate privileges, “move laterally, and exfiltrate sensitive data.”
PowerShell scripts form the backbone of Mysterious Elephant’s operations, enabling the group to carry out commands, introduce additional malware, and maintain persistence on affected systems.
These scripts seemingly use legitimate tools and system utilities in order to orchestrate malicious activities.
A central tool in the group’s arsenal is BabShell, which is described as a reverse shell that grants attackers “direct access to infected machines.”
Once executed, it gathers critical system information including “the username, computer name, and MAC address to uniquely identify the target.”
BabShell also serves as a launchpad for modules such as MemLoader HidenDesk, which executes “malicious payloads in memory while leveraging encryption and compression to evade detection.”
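The report describes PowerShell-driven tradecraft at a high level: encoded or obfuscated commands, payloads decompressed and loaded in memory, host fingerprinting (username, computer name, MAC address) and a reverse shell. A defender's first question is how those traits would surface in PowerShell ScriptBlock logging. The following Python snippet is an added example, not code from Kaspersky's report or from the campaign; the log records, indicator names and regular expressions are constructed for illustration, and the sample encoded command is only a socket-connection stub encoded the way PowerShell expects (UTF-16LE, base64).

```python
"""Heuristic triage of PowerShell ScriptBlock text for the traits described
above: encoded commands, in-memory (reflective) loading with compression,
host fingerprinting, and raw-socket use.  All patterns and records here are
constructed for this example; they are not indicators from the report."""
from __future__ import annotations

import base64
import binascii
import re
from typing import Dict, List

# Indicator labels are this example's own.  Order matters only for output.
INDICATORS = [
    ("reverse_shell_socket", re.compile(r"Net\.Sockets\.TcpClient", re.I)),
    ("in_memory_load",
     re.compile(r"Reflection\.Assembly\]::Load\b|Invoke-Expression|\bIEX\b", re.I)),
    ("compressed_payload",
     re.compile(r"IO\.Compression\.(?:GZipStream|DeflateStream)", re.I)),
    ("host_fingerprinting",
     re.compile(r"\$env:USERNAME.*\$env:COMPUTERNAME.*MacAddress", re.I | re.S)),
]
# -EncodedCommand / -enc followed by a base64 blob.
ENCODED_ARG = re.compile(r"-(?:EncodedCommand|enc)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(b64: str) -> str:
    """PowerShell's -EncodedCommand is base64 over UTF-16LE text."""
    raw = base64.b64decode(b64)
    return raw.decode("utf-16le", errors="replace")


def scan_scriptblock(text: str) -> List[str]:
    """Return the indicator labels matched by one script block.

    An encoded command is decoded and rescanned, so traits hidden behind
    -EncodedCommand are reported alongside the encoding itself."""
    hits = [name for name, rx in INDICATORS if rx.search(text)]
    m = ENCODED_ARG.search(text)
    if m:
        hits.append("encoded_command")
        try:
            decoded = decode_encoded_command(m.group(1))
        except (ValueError, binascii.Error):
            decoded = ""  # malformed base64: still worth the encoded_command hit
        hits.extend(name for name, rx in INDICATORS
                    if name not in hits and rx.search(decoded))
    return hits


def triage(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map record id -> matched indicators, keeping only records with hits."""
    result = {}
    for rec in records:
        hits = scan_scriptblock(rec["text"])
        if hits:
            result[rec["id"]] = hits
    return result


# Constructed sample records (hypothetical; not from the report).
_ENCODED_FRAGMENT = base64.b64encode(
    "$c = New-Object System.Net.Sockets.TcpClient('example.invalid', 443)"
    .encode("utf-16le")).decode("ascii")

SAMPLE_LOGS = [
    {"id": "benign-01",
     "text": "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5"},
    {"id": "enc-02",
     "text": f"powershell.exe -NoProfile -EncodedCommand {_ENCODED_FRAGMENT}"},
    {"id": "loader-03",
     "text": ("$gz = New-Object IO.Compression.GZipStream($ms, "
              "[IO.Compression.CompressionMode]::Decompress); "
              "[Reflection.Assembly]::Load($bytes)")},
    {"id": "fingerprint-04",
     "text": ("$id = \"$env:USERNAME|$env:COMPUTERNAME|\" + "
              "(Get-NetAdapter | Select-Object -First 1).MacAddress")},
]

if __name__ == "__main__":
    for rec_id, hits in triage(SAMPLE_LOGS).items():
        print(f"{rec_id}: {', '.join(hits)}")
```

The point of rescanning the decoded command is that a single `encoded_command` hit is weak on its own (administrators use it too), whereas an encoded block that also opens a raw socket or reflectively loads an assembly is a much stronger triage signal. In production these heuristics belong in a SIEM rule fed by Event ID 4104 ScriptBlock logging, not in a standalone script.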
This campaign is notable for its focus on WhatsApp data theft. The attackers have developed specialized modules capable of “exfiltrating files shared through the app, including sensitive documents, photos, and archives.”
In another recent update shared by Kaspersky, the cybersecurity firm’s findings indicate that travelers value AI for saving time, finding more personalized recommendations and uncovering budget-saving offers.
But awareness of data security risks is also high, which security professionals consider a good sign.
Kaspersky’s market research center has discovered what drives active AI users to charge chatbots and AI-powered tools with the “responsibility of travel planning and how they estimate the security of such services.”
The survey reveals that the primary motivation for turning to AI in travel planning is to “save time and simplify preparation, with 73% of users pointing out these benefits.”
Other benefits of AI in traveling, named by 65% of respondents, are the search for information about the main attractions in the chosen location as well as personalized recommendations.
In addition, the majority (63%) use AI to find favorable offers, while 61% trust it to uncover key information that might be challenging to find.