Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
2023-06-01 01:24

So says Singapore-based security outfit Group-IB, which claims Dark Pink has been active since mid-2021, primarily focused on victims in the Asia-Pacific region - but that appears to be changing.

Group-IB's researchers say they've identified five new Dark Pink victims since their January 2023 research on the threat group, bringing the criminals' victim list to 13.

Dark Pink continues to use ISO images sent in phishing emails for its initial intrusions.

According to Group-IB, the malware appears designed to steal confidential files from government and military networks, and can "infect even the USB devices attached to compromised computers." The malicious code can also get at messenger apps on infected PCs. Dark Pink appears to have updated KamiKakaBot by splitting its functionality into two parts: controlling devices, and stealing data.

Between January 9 and April 11, Dark Pink only performed 12 commits to add PowerShell scripts.

Dark Pink also appears to have developed new methods to steal data instead of using email or Dropbox as usual.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/01/dark_pink_cyber_spies/