New Dark Pink APT group targets govt and military with custom malware
Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.
Security researchers refer to this group as Dark Pink or Saaiwc Group, noting that it employs uncommon tactics, techniques, and procedures.
The custom toolkit observed in the attacks can be used to steal information and spread malware via USB drives.
Considered an advanced persistent threat, Dark Pink launched at least seven successful attacks between June and December 2022.
A previous report from the Chinese cybersecurity company Anheng Hunting Labs, which tracks Dark Pink as Saaiwc Group, describes some attack chains and notes that in one of them the actor used a Microsoft Office template with malicious macro code to exploit an older, high-severity vulnerability identified as CVE-2017-0199.
Although Group-IB confirms with high confidence that Dark Pink is responsible for seven attacks, the researchers note that the number could be higher.