Newly emerged advanced persistent threat (APT) group Dark Pink, also known as Saaiwc, has launched new attacks using an improved version of the KamiKakaBot malware against government and military organizations across Southeast Asia since last month, reports The Hacker News.
The attacks, while "almost identical" to the intrusions first reported by Group-IB in January, use an updated KamiKakaBot build with stronger obfuscation, according to an EclecticIQ report.
Dark Pink gains initial access through phishing emails carrying ISO image attachments; each image bundles a decoy Microsoft Word document, a loader, and an executable that together deliver the KamiKakaBot malware.
Once loaded through DLL side-loading, KamiKakaBot steals browser data and executes commands from its operators while evading antivirus detection. It abuses the Winlogon Helper technique, which plants its launch command in the Winlogon registry values so the malware runs at user logon, to persist, and it exfiltrates the stolen data to a Telegram bot.
"The use of legitimate web services as a command-and-control (C2) server, such as Telegram, remains the number one choice for different threat actors, ranging from regular cyber criminals to advanced persistent threat actors," said EclecticIQ.
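The Winlogon Helper persistence described above (MITRE ATT&CK T1547.004) leaves a trace in the registry that a responder can check without any vendor tooling. The script below is an added example written for this brief, not code from EclecticIQ, Group-IB or the malware itself: it parses the text that `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"` prints and flags Shell or Userinit entries that deviate from stock Windows defaults, plus any Notify subkey. The default values, both sample outputs and the path wlhelper.exe are assumptions constructed for illustration; the brief does not say which Winlogon value KamiKakaBot modifies, so the check covers the values the technique is known to abuse.

```python
"""Check exported Winlogon registry values for Winlogon Helper persistence
(MITRE ATT&CK T1547.004).  Added example; not code from EclecticIQ, Group-IB
or the malware described in the brief."""
import re

# Stock Windows defaults for the monitored values (assumption: verify against a
# known-good host in your estate; machines with a legitimate custom shell differ).
EXPECTED_ENTRIES = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# Matches "    Shell    REG_SZ    explorer.exe" as printed by reg query.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_(?:EXPAND_)?SZ)\s+(.*)$")
# A Notify subkey does not exist on a stock modern Windows install; its
# presence means someone registered a logon-notification DLL.
NOTIFY_RE = re.compile(r"^HKEY_.*\\Winlogon\\Notify$", re.IGNORECASE)

# Constructed sample output (not from real hosts): one clean, one with an extra
# Shell entry and a Notify subkey.  The path wlhelper.exe is hypothetical.
CLEAN_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    DefaultUserName    REG_SZ    analyst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
"""

SUSPECT_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe,C:\Users\Public\Libraries\wlhelper.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    DefaultUserName    REG_SZ    analyst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"""


def parse_reg_query(output):
    """Return {value_name: data} for the string values in reg query output."""
    values = {}
    for line in output.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values


def split_entries(data):
    """Shell and Userinit hold comma-separated command lists; normalise each entry."""
    return [e.strip().strip('"').lower() for e in data.split(",") if e.strip()]


def audit_winlogon(output):
    """Return one finding per entry that deviates from the expected defaults."""
    findings = []
    for name, data in parse_reg_query(output).items():
        expected = EXPECTED_ENTRIES.get(name.lower())
        if expected is None:
            continue  # value not monitored by this check
        for entry in split_entries(data):
            if entry not in expected:
                findings.append({"value": name, "unexpected_entry": entry})
    if any(NOTIFY_RE.match(line.strip()) for line in output.splitlines()):
        findings.append({"value": "Notify", "unexpected_entry": "subkey present"})
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_OUTPUT), ("suspect", SUSPECT_OUTPUT)):
        print(label, audit_winlogon(sample) or "no findings")
```

Feed the script the output of `reg query` taken on the host or from a triage collection, and treat each finding as a lead rather than a verdict: the extra entry is worth pulling for analysis, but a host with a legitimately customised shell will trip the Shell check, so compare against a known-good baseline before escalating.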
Threat actors launched 50% more distributed denial-of-service attacks in the first quarter of 2024 than in the same period last year, with thwarted DDoS attacks up 93% year-over-year, SiliconAngle reports.
Security Affairs reports that an updated version of the LightSpy iOS spyware, built on the "F_Warehouse" framework, has been deployed against targets in Southern Asia as part of a new cyberespionage campaign.
Ukrainian hacking group Blackjack claims to have disrupted Russia's industrial sensor and monitoring infrastructure with the Fuxnet malware in an attack on Moscow-based underground infrastructure firm Moscollector, reports SecurityWeek.