
New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics

January 11, 2023

A new advanced persistent threat (APT) group dubbed ‘Dark Pink’ by Group-IB (and ‘Saaiwc Group’ by Chinese cybersecurity researchers) has been observed targeting numerous entities across Asia-Pacific and Europe, mainly with spear phishing techniques.

According to a new advisory published by Group-IB earlier today, Dark Pink began operations as early as mid-2021, although the group’s activity sharply increased in mid-to-late 2022.

“To date, [we have] uncovered 7 verified attacks by Dark Pink,” reads the technical write-up. “The bulk of the attacks have been carried out against countries in the APAC region, though the threat actors spread their wings and targeted 1 European governmental ministry.”

More specifically, Group-IB identified two military entities in the Philippines and Malaysia, a religious organization in Vietnam, and government agencies in Cambodia, Indonesia and Bosnia and Herzegovina.

The security experts also noticed an unsuccessful attack on a Vietnam-based European state development agency.

“Group-IB’s early investigation into Dark Pink has revealed that these threat actors are leveraging a new set of tactics, techniques, and procedures rarely used by previously known APT groups,” reads the advisory.

These include a custom toolkit featuring TelePowerBot, KamiKakaBot, and the Cucky and Ctealer information stealers. Further, Dark Pink can also infect USB devices connected to compromised computers.

“Dark Pink threat actors use two core tactics: DLL Side-Loading and executing malicious content triggered by a file type association […] The latter of these tactics is one rarely seen used in the wild by threat actors,” Group-IB explained.

The security team also added that the threat actors had developed a set of PowerShell scripts for communication between victims and the threat actors’ infrastructure, and used the Telegram API for all communication between themselves and infected infrastructure.

“The threat actors behind Dark Pink were able, with the help of their custom toolkit, to breach the defenses of governmental and military bodies in a range of countries in the APAC and European regions,” Group-IB wrote.

“Dark Pink’s campaign once again underlines the large risks that spear-phishing campaigns pose for organizations, as even highly advanced threat actors use this vector to gain access to networks, and we recommend that organizations continue to educate their personnel on how to detect these types of emails.”

More information about spear phishing and related attacks can be found in a recent analysis by cybersecurity blogger Farwa Sajjad.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
