The attack was launched between June and December 2022 and has been targeting countries in the Asia-Pacific, such as Cambodia, Vietnam, Malaysia, Indonesia, and the Philippines. In addition, one European country, Bosnia and Herzegovina, was also targeted.
Details Of The Attack
The attack was first discovered by Albert Priego, a Group-IB malware analyst, and was labeled ‘The Dark Pink.’ This APT group has also been named Saaiwc Group by a Chinese cybersecurity researcher.
Researchers from Group-IB found activity on Dark Pink’s GitHub account, which suggests that Dark Pink’s operations may be traced as far back as mid-2021. However, from mid to late 2022, the group’s activity increased significantly.
Regarding the attack, Group-IB stated in a blog post that the Dark Pink operators are “leveraging a new set of tactics, techniques, and procedures rarely utilized by previously known APT groups.” Furthermore, Group-IB wrote of a custom toolkit “featuring four different infostealers: TelePowerBot, KamiKakaBot, Cucky, and Ctealer.”
These infostealers are being utilized by the threat group to extract important documents stored inside government and m
[…]