
Government, military orgs targeted by Dark Pink APT

Newly identified advanced persistent threat group Dark Pink launched seven successful cyberattacks against various government and military organizations in the Asia-Pacific region from June to December, according to The Hacker News. Although the group is believed to have emerged in mid-2021, it only stepped up its intrusions a year later, using a novel custom toolkit for data exfiltration, a report from Group-IB revealed. "Dark Pink APT's primary goals are to conduct corporate espionage, steal documents, capture the sound from the microphones of infected devices, and exfiltrate data from messengers," said Group-IB researcher Andrey Polovinkin. Aside from using spear-phishing emails and the Telegram API in its attacks, Dark Pink has also been hosting malicious modules through a single GitHub account since May 2021. The group has also employed various infection chains in the latest campaign, which are believed to lead to the distribution of the KamiKakaBot and TelePowerBot payloads. "The threat actors behind this wave of attacks were able to craft their tools in several programming languages, giving them flexibility as they attempted to breach defense infrastructure and gain persistence on victims' networks," said Polovinkin.
