A new advanced persistent menace (APT) group dubbed ‘Dark Pink’ by Team-IB (and ‘Saaiwc Group’ by Chinese cybersecurity scientists) has been noticed focusing on numerous entities throughout Asia-Pacific and Europe, generally with spear phishing methods.
According to a new advisory printed by Team-IB earlier right now, Dark Pink began operations as early as mid-2021, despite the fact that the group’s activity sharply amplified in mid-to-late 2022.
“To day, [we have] uncovered 7 verified attacks by Dark Pink,” reads the complex publish-up. “The bulk of the attacks have been carried out versus international locations in the APAC location, though the risk actors unfold their wings and focused 1 European governmental ministry.”
More precisely, Group-IB identified two armed service entities in the Philippines and Malaysia, a religious organization in Vietnam, and governing administration agencies in Cambodia, Indonesia and Bosnia and Herzegovina.
The security authorities also noticed an unsuccessful attack on a Vietnam-primarily based European point out enhancement company.
“Group-IB’s early investigation into Dark Pink has revealed that these threat actors are leveraging a new established of methods, methods, and strategies almost never used by previously known APT groups,” reads the advisory.
These incorporate a custom made toolkit featuring TelePowerBot, KamiKakaBot and Cucky and Ctealer facts stealers. Further, Dark Pink can also infect USB gadgets connected to compromised pcs.
“Dark Pink risk actors benefit from two core tactics: DLL Aspect-Loading and executing malicious material activated by a file sort affiliation […] The latter of these tactics is one particular seldom noticed used in the wild by threat actors,” Group-IB defined.
The security group also extra that threat actors had developed a set of PowerShell scripts for communications among victims and menace actors’ infrastructure and made use of Telegram API for all communication concerning them and infected infrastructure.
“The menace actors driving Dark Pink were in a position, with the guidance of their customized toolkit, to breach the defenses of governmental and armed forces bodies in a assortment of international locations in the APAC and European areas,” Team-IB wrote.
“Dark Pink’s campaign at the time once more underlines the large hazards that spear-phishing campaigns pose for corporations, as even remarkably state-of-the-art threat actors use this vector to get entry to networks, and we advise that organizations continue on to teach their staff on how to detect these types of emails.”
A lot more data about spear phishing and related attacks can be located in a the latest assessment by cybersecurity blogger Farwa Sajjad.
Some areas of this write-up are sourced from: