Brunei, Indonesia, and Vietnam had their education, government, and military organizations targeted by the advanced persistent threat group Dark Pink, which has been ramping up attacks this year, BleepingComputer reports.
Dark Pink also attacked an educational institution in Belgium and a military organization in Thailand last year, a report from Group-IB showed. The operation uses spear-phishing emails to deliver ISO archives that rely on DLL side-loading to install its KamiKakaBot and TelePowerBot backdoors, with the former now updated to enable both control of the compromised device and theft of data.
Moreover, Dark Pink has hosted additional malware-loaded modules on a private GitHub repository, making 12 commits so far this year.
Dark Pink has also expanded its data exfiltration techniques to include Dropbox uploads and data theft over HTTP through a temporary endpoint, suggesting further expansion of its attack arsenal down the line.