
KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets

March 13, 2023

The Dark Pink advanced persistent threat (APT) actor has been linked to a new set of attacks targeting government and military entities in Southeast Asian countries with a malware known as KamiKakaBot.

Dark Pink, also referred to as Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate sensitive information.

The threat actor is suspected to be of Asia-Pacific origin and has been active since at least mid-2021, with an increased tempo observed in 2022.


“The latest attacks, which took place in February 2023, were almost identical to previous attacks,” Dutch cybersecurity company EclecticIQ disclosed in a new report published last week.

“The main difference in the February campaign is that the malware’s obfuscation routine has improved to better evade anti-malware measures.”

The attacks play out in the form of social engineering lures that carry ISO image file attachments in email messages to deliver the malware.

The ISO image contains an executable (Winword.exe), a loader (MSVCR100.dll), and a decoy Microsoft Word document, the latter of which comes embedded with the KamiKakaBot payload.


The loader, for its part, is designed to load the KamiKakaBot malware by leveraging the DLL side-loading technique to evade security protections and load it into the memory of the Winword.exe binary.

KamiKakaBot is mainly engineered to steal data stored in web browsers and execute remote code using Command Prompt (cmd.exe), while also employing evasion techniques to blend in with victim environments and hinder detection.


Persistence on the compromised host is achieved by abusing the Winlogon Helper library to make malicious Windows Registry key modifications. The collected data is subsequently exfiltrated to a Telegram bot as a ZIP archive.
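The two host-side behaviours described above (Winword.exe side-loading MSVCR100.dll from the ISO, and persistence through Winlogon registry modifications) are the ones a defender can detect from endpoint telemetry. The following is an added example, not code from the article or from EclecticIQ: it runs two checks over constructed Sysmon-style events (EventID 13 registry value set, EventID 7 image loaded). It assumes the Winlogon values involved are the standard helper values Shell and Userinit, since the article names only the Winlogon key.

```python
from typing import Dict, List, Optional

# Constructed Sysmon-style records, not real telemetry: EventID 13 = registry
# value set, EventID 7 = image (DLL) loaded. Field names follow Sysmon's schema.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\Winword.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe, C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Local\Temp\Winword.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\MSVCR100.dll"},
    {"EventID": 7, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ImageLoaded": r"C:\Windows\System32\msvcr100.dll"},
]

WINLOGON_KEY = "\\windows nt\\currentversion\\winlogon\\"
# Default data of the Winlogon helper values (assumption: Shell and Userinit are the
# values targeted; the article names only the key). Anything beyond these is suspect.
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"c:\\windows\\system32\\userinit.exe"}}
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\program files\\", "c:\\program files (x86)\\")


def winlogon_anomaly(ev: Dict) -> Optional[str]:
    """Flag a Winlogon Shell/Userinit write whose data adds anything to the default."""
    target = ev["TargetObject"].lower()
    if WINLOGON_KEY not in target:
        return None
    value = target.rsplit("\\", 1)[-1]
    if value not in EXPECTED:
        return None
    entries = {e.strip() for e in ev["Details"].lower().split(",") if e.strip()}
    extra = sorted(entries - EXPECTED[value])
    return f"Winlogon {value} gained {extra} via {ev['Image']}" if extra else None


def sideload_anomaly(ev: Dict) -> Optional[str]:
    """Flag Winword.exe loading MSVCR100.dll from outside the trusted system/program dirs."""
    host = ev["Image"].rsplit("\\", 1)[-1].lower()
    dll = ev["ImageLoaded"].lower()
    if host == "winword.exe" and dll.endswith("\\msvcr100.dll") and not dll.startswith(TRUSTED_DLL_DIRS):
        return f"Winword.exe side-loaded {ev['ImageLoaded']}"
    return None


def scan(events: List[Dict]) -> List[str]:
    """Dispatch each event to the check for its EventID; return the alerts in event order."""
    checks = {13: winlogon_anomaly, 7: sideload_anomaly}
    hits = (checks.get(ev["EventID"], lambda _: None)(ev) for ev in events)
    return [h for h in hits if h]
```

Run `scan(SAMPLE_EVENTS)` to see the two alerts; the benign Userinit write and the system-directory DLL load produce none.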

“The use of legitimate web services as a command-and-control (C2) server, such as Telegram, remains the number one choice for different threat actors, ranging from regular cyber criminals to advanced persistent threat actors,” the Amsterdam-based company said.

“The Dark Pink APT group is very likely a cyber espionage-motivated threat actor that specifically exploits relations between ASEAN and European nations to create phishing lures during the February 2023 campaign.”



Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.