ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Dark Pink

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Dark Pink

NamesDark Pink (Group-IB)
Saaiwc Group (Anheng Hunting Labs)
Country[Unknown]
MotivationInformation theft and espionage
First seen2022
Description(Group-IB) Group-IB, one of the global cybersecurity leaders, has today published its findings into Dark Pink, an ongoing advanced persistent threat (APT) campaign launched against high-profile targets in Cambodia, Indonesia, Malaysia, Philippines, Vietnam, and Bosnia and Herzegovina that we believe, with moderate confidence, was launched by a new threat actor. To date, Group-IB’s Threat Intelligence has been able to attribute seven successful attacks to this particular group from June-December 2022, with targets including military bodies, government ministries and agencies, and religious and non-profit organizations, although the list of victims could be significantly longer. Group-IB also noted one unsuccessful attack on a European state development body based in Vietnam.
ObservedSectors: Defense, Education, Government, Non-profit organizations.
Countries: Belgium, Bosnia and Herzegovina, Brunei, Cambodia, Indonesia, Malaysia, Philippines, Thailand, Vietnam.
Tools usedCtealer, Cucky, KamiKakaBot, PowerSploit, TelePowerBot, ZMsg, Living off the Land.
Operations performedFeb 2023Dark Pink APT Group Strikes Government Entities in South Asian Countries
<https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries>
Information<https://www.group-ib.com/media-center/press-releases/dark-pink-apt/>
<https://www.group-ib.com/blog/dark-pink-episode-2/>

Last change to this card: 10 March 2024

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]