Dark Pink APT adopts KamiKakaBot and TelePowerBot malware

July 11, 2023
Tags: Dark Pink APT, KamiKakaBot, TelePowerBot, Malware, Botnet, Phishing, Cybersecurity

The advanced persistent threat group Dark Pink APT has been tied to five new attack operations targeting organisations in Europe and East Asia. Based on reports, these attacks occurred between February last year and April 2023.

The confirmed targets of these attacks are government agencies, academic institutions, military groups, and non-profit organisations.


The Dark Pink APT prioritises targeting Southeast Asian nations.


According to investigations, the Dark Pink APT group is believed to be based in the Asia-Pacific region and has primarily targeted organisations in Thailand, Vietnam, and Indonesia.

The operators of this group use multiple malware tools, such as KamiKakaBot and TelePowerBot, to steal information from targeted hosts through multiple kill chains.

A Dark Pink campaign starts with spear-phishing emails to gain initial access. Once inside, the actors establish persistence so they can control the compromised system while remaining undetected.

In addition, the threat actors operate a new GitHub account that hosts ZIP archives, custom malware, and a PowerShell script used to stage additional payloads on infected devices.

A recent tally showed that the APT group had 13 victims in its previous attacks, five of them from 2021. However, the group has recently modified its attack sequence to evade analysis. It has also improved KamiKakaBot, which executes commands received from a Telegram channel.

The newest KamiKakaBot variant splits its functionality into two parts: the operators use the first to control the device and the second to gather sensitive information. The APT group exfiltrates stolen data over HTTP through webhook[.]site. It also uses email or publicly accessible cloud services, such as Dropbox, to make its attacks more efficient.

Lastly, the actors maintain persistence on the infected host through an Excel add-in library.
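The two behaviours described above, HTTP exfiltration to webhook[.]site (and bulk uploads to cloud storage) and persistence through an Excel add-in, are both observable by defenders. The script below is an added example, not code from the article or from any vendor report on Dark Pink: it runs simple detection logic over constructed sample data. The proxy log format, the Dropbox API hostnames, the upload-size threshold, and the trusted install prefixes are assumptions; so is the registry mechanism checked (Excel auto-loads add-ins listed in the `OPEN`/`OPENn` values under its `Options` key), which the article does not name beyond "Excel add-in library". Adapt the parsers to your own log and registry sources.

```python
"""Flag webhook.site exfiltration and Excel add-in persistence in sample data.

Added illustrative example; all input below is constructed, not real traffic
or a real host's registry.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed proxy log: timestamp, host, method, URL, bytes sent (assumed format).
SAMPLE_PROXY_LOG = """
2023-04-02T09:14:03Z WS-017 GET https://www.example.com/index.html 512
2023-04-02T09:15:41Z WS-017 POST https://webhook.site/1b2c3d4e-aaaa-bbbb-cccc-000000000000 48211
2023-04-02T09:16:02Z WS-022 POST https://api.dropboxapi.com/2/files/upload 1048576
2023-04-02T09:17:30Z WS-017 GET https://update.example.org/check 80
"""

# Constructed .reg export of Excel's Options key. Assumption: Excel loads the
# add-ins named in OPEN, OPEN1, ... at start-up, so an entry pointing into a
# user-writable directory is a persistence lead worth triaging.
SAMPLE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options]
"OPEN"="/R \"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\AddIns\\analysis.xll\""
"OPEN1"="/R \"C:\\Program Files\\Microsoft Office\\root\\Office16\\Library\\SOLVER\\SOLVER.XLAM\""
'''

EXFIL_DOMAINS = {"webhook.site"}                      # named in the article (defanged there)
CLOUD_DOMAINS = {"api.dropboxapi.com", "content.dropboxapi.com"}  # assumed Dropbox API hosts
LARGE_UPLOAD_BYTES = 100_000                          # assumed triage threshold
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")  # assumed

PROXY_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")
REG_VALUE_RE = re.compile(r'^"(OPEN\d*)"="(.*)"$')


@dataclass
class Finding:
    source: str   # host name for proxy findings, "registry" for add-in findings
    reason: str
    detail: str


def _in_domain_set(hostname: str, domains: set) -> bool:
    """True if hostname equals or is a subdomain of any entry in domains."""
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def scan_proxy_log(text: str) -> list:
    """Flag any request to webhook.site and large uploads to cloud storage."""
    findings = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        _ts, host, method, url, size = m.groups()
        domain = (urlparse(url).hostname or "").lower()
        detail = f"{method} {url} ({size} bytes)"
        if _in_domain_set(domain, EXFIL_DOMAINS):
            findings.append(Finding(host, "http-exfil-webhook", detail))
        elif (method in ("POST", "PUT") and _in_domain_set(domain, CLOUD_DOMAINS)
              and int(size) >= LARGE_UPLOAD_BYTES):
            findings.append(Finding(host, "large-upload-cloud-storage", detail))
    return findings


def _reg_unescape(value: str) -> str:
    """Undo .reg string escaping: \\" -> " and \\\\ -> \\ (quote first, then backslash)."""
    return value.replace(r'\"', '"').replace('\\\\', '\\')


def _addin_path(value: str) -> str:
    """Strip Excel's optional '/R ' flag and surrounding quotes from an OPEN value."""
    v = value.strip()
    if v.upper().startswith("/R "):
        v = v[3:].strip()
    return v.strip('"')


def scan_excel_addins(reg_text: str) -> list:
    """Flag OPEN/OPENn add-ins whose path lies outside the trusted install prefixes."""
    findings = []
    for line in reg_text.splitlines():
        m = REG_VALUE_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.groups()
        path = _addin_path(_reg_unescape(raw))
        if not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(Finding("registry", "excel-addin-untrusted-path", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_PROXY_LOG) + scan_excel_addins(SAMPLE_REG_EXPORT):
        print(f"[{f.reason}] {f.source}: {f.detail}")
```

On the constructed data the script reports the webhook.site POST from WS-017, the 1 MiB Dropbox upload from WS-022, and the `OPEN` add-in under the user's AppData directory, while leaving the vendor add-in under Program Files alone. A path check alone is a weak signal, so in practice the flagged add-in file would be hashed and examined next; the point here is that Excel start-up add-ins are a small, enumerable set that is cheap to baseline.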

These changes in strategy, mainly the focus on anti-analysis capabilities and on carefully chosen institutions, imply that this advanced persistent threat group wants to keep a low profile and evade security organisations while pursuing high-value targets. Cybersecurity researchers therefore urge organisations to stay vigilant and adopt a multi-layered defence to fend off such groups.
