Dark Pink APT targeting government and military in Asia-Pacific region and Europe

Share post:

According to researchers at cybersecurity firm Group-IB, a recently discovered hacking campaign dubbed Dark Pink is targeting a variety of organizations across the Asia-Pacific region, as well as one in Europe, as part of an advanced scheme aimed at stealing corporate data and other high-value secrets.

In Cambodia, Indonesia, Malaysia, the Philippines, Vietnam, and Bosnia and Herzegovina, Dark Pink has been found to be targeting military bodies, government ministries and agencies, as well as religious and nonprofit organizations.

“Dark Pink APT’s primary goals are to conduct corporate espionage, steal documents, capture the sound from the microphones of infected devices, and exfiltrate data from messengers,” Group-IB researcher Andrey Polovinkin said, describing the activity as a “highly complex APT campaign launched by seasoned threat actors.”

Dark Pink is said to be targeting victims for corporate espionage using spear-phishing emails and an almost entirely custom toolkit. The tools used by the group attempt to steal files, microphone audio, and messenger data from infected devices and networks. It exfiltrates data in three ways: via Telegram, file transfer to Dropbox, and email.

In one case, the attackers pretended to be applicants for a public relations and communications intern position, implying that they use job boards to find victims. Within the email, a shortened link contains both fraudulent and innocuous documents that deliver the malware used to advance the operation.

The email method was surprising, according to the researchers. Among the email addresses used were blackpink.301@outlook.com and blackred.113@outlook.com. According to data collected by the researchers, the body of the email simply read “hello badboy,” while the subject line was the name of the specific device.

The researchers can’t pin this campaign to any known threat actor, but Chinese cybersecurity researchers are saying it is the Saaiwc Group.

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Cyber Security Today, Week in Review for week ending Friday, March 22, 2024

This episode features discussion on lessons learned from the ransomware attack on the British Library, advice for managing expectations of IT/security teams, why firms are leaving Google Firebase unprotecte

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways