A new Advanced Persistent Threat (APT) group dubbed “Dark Pink” by Group-IB (and “Saaiwc Group” by Chinese cybersecurity researchers) is targeting Asia-Pacific and Europe, primarily using spear-phishing techniques.
According to a new advisory issued by Group-IB, the group’s activity increased sharply in mid-to-late 2022, but Dark Pink is now known to have been active as early as mid-2021.
“To date, we have found 7 confirmed attacks by Dark Pink,” reads the technical article. “While most of the attacks were against countries in the APAC region, the threat actor has spread its wings and targeted government ministries in Europe.”
More specifically, Group-IB identified two military organizations in the Philippines and Malaysia, religious groups in Vietnam, and government agencies in Cambodia, Indonesia, and Bosnia and Herzegovina.
Security experts also found an unsuccessful attack on a European national development agency based in Vietnam.
“Initial research into Dark Pink by Group-IB reveals that these actors employ a set of new tactics, techniques and procedures rarely used by known APT groups,” the advisory states.
These include TelePowerBot, KamiKakaBot, and a custom toolkit with the Cucky and Ctealer information stealers. Dark Pink can also infect USB devices connected to compromised computers.
“The Dark Pink attackers utilize two primary techniques: DLL sideloading and malicious content execution triggered by file type associations. […] The latter of these tactics is rarely seen in practice by threat actors,” explained Group-IB.
The researchers also observed that the threat actor created a set of PowerShell scripts for communication between victim machines and its own infrastructure, with the Telegram API used for all communication between the attackers and the infected hosts.
“With the help of a custom toolkit, the threat actors behind Dark Pink were able to breach government and military defenses of various countries in the APAC and European regions,” Group-IB wrote.
“Dark Pink’s campaign once again highlights the enormous danger spear-phishing campaigns pose to organizations, as even the most sophisticated attackers use this vector to gain access to their networks. We recommend that you continue to educate your personnel on how to detect these types of emails.”
You can find more information about spear phishing and similar attacks in a recent analysis by cybersecurity blogger Farwa Sajjad.