New Cybersecurity Threat ‘Mysterious Elephant’ Emerges in Asia-Pacific Region

In the second quarter of 2023 [1] [3], a new cybersecurity threat known as Mysterious Elephant emerged in the Asia-Pacific region [3]. This threat actor [1] [2] [3] [4] [5], belonging to the Elephants family [2], exhibits unique tactics [1], techniques [1] [2] [3] [4] [5], and procedures (TTPs) that distinguish them from other groups [2] [4].


Mysterious Elephant’s latest campaign involved the use of new backdoor families to execute files and commands on victims’ computers and communicate with a malicious server. While there are some similarities with other threat actors like Confucius and SideWinder [1] [3], Mysterious Elephant has its own distinct set of TTPs [5].

Additionally, Kaspersky researchers have identified a campaign called “Operation Triangulation” that utilized a previously unknown iOS malware platform distributed through zero-click iMessage exploits. Notorious hacking group Lazarus has also made updates to its MATA framework and introduced a new variant of the MATA malware family [3], MATAv5 [1] [3] [4]. Another subgroup of Lazarus [1], BlueNoroff [1] [4], has focused on financial attacks and adopted new delivery methods and programming languages [1].

Geopolitical influences continue to drive APT activity [1] [4], resulting in campaigns dispersed across various regions [1]. To combat these evolving threats, Kaspersky researchers recommend timely updates of operating systems and software [1], specialized training for cybersecurity teams [1], and the use of threat intelligence information and Endpoint Detection and Response (EDR) solutions to minimize the impact of high-profile attacks [1].


Lazarus [1] [3] [4], a well-known threat actor [2] [4] [5], has updated its MATA framework and introduced MATAv5 [1] [3] [4], a new variant of the sophisticated MATA malware family [4]. BlueNoroff [1] [4], a Lazarus subgroup specializing in financial attacks [4], has adopted new distribution methods and programming languages [1] [4]. ScarCruft [4], another APT group [4], has developed new infection methods that bypass the Mark-of-the-Web (MOTW) security mechanism [4]. The evolving APT activities of these actors pose new challenges for cybersecurity professionals [4].

Geopolitical pressures continue to drive APT activity [1] [4], with attackers focusing their attacks on regions such as Europe [4], Latin America [4], the Middle East [4], and various parts of Asia [4]. Cyber espionage [4], with significant geopolitical implications [4], remains a dominant activity [4]. To address these challenges, it is crucial to prioritize timely updates, provide specialized training [1], and leverage threat intelligence and EDR solutions to minimize the impact of high-profile attacks.