
New Dark Pink APT group targets govt and military with custom malware
2023-01-11 07:00

Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.

Security researchers refer to this group as Dark Pink or Saaiwc Group, noting that it employs uncommon tactics, techniques, and procedures.

The custom toolkit observed in the attacks can be used to steal information and spread malware via USB drives.

Considered an advanced persistent threat, Dark Pink launched at least seven successful attacks between June and December 2022.

A previous report from the Chinese cybersecurity company Anheng Hunting Labs, which tracks Dark Pink as Saaiwc Group, describes some attack chains and notes that in one of them the actor used a Microsoft Office template with malicious macro code to exploit an older, high-severity vulnerability identified as CVE-2017-0199.

Although Group-IB confirms with high confidence that Dark Pink is responsible for seven attacks, the researchers note that the number could be higher.


News URL

https://www.bleepingcomputer.com/news/security/new-dark-pink-apt-group-targets-govt-and-military-with-custom-malware/

Related Vulnerability

DATE: 2017-04-12
CVE: CVE-2017-0199
VULNERABILITY TITLE: Remote Code Execution vulnerability in Microsoft Office OLE Feature
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
RISK: network, microsoft, critical, 9.3