Names | Dark Pink (Group-IB) Saaiwc Group (Anheng Hunting Labs) | |
Country | [Unknown] | |
Motivation | Information theft and espionage | |
First seen | 2022 | |
Description | (Group-IB) Group-IB, one of the global cybersecurity leaders, has today published its findings into Dark Pink, an ongoing advanced persistent threat (APT) campaign launched against high-profile targets in Cambodia, Indonesia, Malaysia, Philippines, Vietnam, and Bosnia and Herzegovina that we believe, with moderate confidence, was launched by a new threat actor. To date, Group-IB’s Threat Intelligence has been able to attribute seven successful attacks to this particular group from June-December 2022, with targets including military bodies, government ministries and agencies, and religious and non-profit organizations, although the list of victims could be significantly longer. Group-IB also noted one unsuccessful attack on a European state development body based in Vietnam. | |
Observed | Sectors: Defense, Education, Government, Non-profit organizations. Countries: Belgium, Bosnia and Herzegovina, Brunei, Cambodia, Indonesia, Malaysia, Philippines, Thailand, Vietnam. | |
Tools used | Ctealer, Cucky, KamiKakaBot, PowerSploit, TelePowerBot, ZMsg, Living off the Land. | |
Operations performed | Feb 2023 | Dark Pink APT Group Strikes Government Entities in South Asian Countries <https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries> |
Information | <https://www.group-ib.com/media-center/press-releases/dark-pink-apt/> <https://www.group-ib.com/blog/dark-pink-episode-2/> |
Last change to this card: 10 March 2024
Download this actor card in PDF or JSON format
Previous: DarkHydrus, LazyMeerkat
Next: DarkUniverse
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |