สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Report

Home > List all groups > Dark Pink

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Dark Pink

Names	Dark Pink (Group-IB) Saaiwc (?)
Country	[Unknown]
Motivation	Information theft and espionage
First seen	2022
Description	(Group-IB) Group-IB, one of the global cybersecurity leaders, has today published its findings into Dark Pink, an ongoing advanced persistent threat (APT) campaign launched against high-profile targets in Cambodia, Indonesia, Malaysia, Philippines, Vietnam, and Bosnia and Herzegovina that we believe, with moderate confidence, was launched by a new threat actor. To date, Group-IB’s Threat Intelligence has been able to attribute seven successful attacks to this particular group from June-December 2022, with targets including military bodies, government ministries and agencies, and religious and non-profit organizations, although the list of victims could be significantly longer. Group-IB also noted one unsuccessful attack on a European state development body based in Vietnam.
Observed	Sectors: Defense, Education, Government, Non-profit organizations. Countries: Belgium, Bosnia and Herzegovina, Brunei, Cambodia, Indonesia, Malaysia, Philippines, Thailand, Vietnam.
Tools used	Ctealer, Cucky, KamiKakaBot, PowerSploit, TelePowerBot, ZMsg, Living off the Land.
Operations performed	Feb 2023	Dark Pink APT Group Strikes Government Entities in South Asian Countries <https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries>
Information	<https://www.group-ib.com/media-center/press-releases/dark-pink-apt/> <https://www.group-ib.com/blog/dark-pink-episode-2/>

Last change to this card: 21 June 2023

Download this actor card in PDF or JSON format

Previous: DarkHydrus, LazyMeerkat
Next: DarkUniverse

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Report incidents

+66 (0)2-123-1227

[email protected]