Dark Pink

Threat Actor updated 4 months ago (2024-05-04T20:38:32.493Z)
Dark Pink, also known as Saaiwc Group, is a Chinese-aligned cyberespionage group that has been particularly active since mid-2022. It runs spear-phishing campaigns against government, military, and non-profit organizations in Southeast Asia and parts of Europe, and uses DLL side-loading to get its malware running on targeted machines. Dark Pink has also been observed moving laterally over USB devices, infecting removable drives attached to compromised computers.

The group is known for launching its KamiKakaBot malware through the legitimate Windows build tool MSBuild.exe. KamiKakaBot, delivered by phishing email, steals saved credentials, browsing history, and cookies from Chrome, Edge, and Firefox. Dark Pink was also among several APT groups observed exploiting CVE-2023-38831, a WinRAR vulnerability.

Group-IB first profiled Dark Pink in early 2023, detailing its custom tools TelePowerBot and KamiKakaBot, which run arbitrary commands and exfiltrate data. Dark Pink has since been linked to further KamiKakaBot attacks on government and military entities in Southeast Asian countries. The continuing activity shows both the persistence of the threat and its evolving tactics, techniques, and procedures (TTPs), and is a reminder that staff need ongoing training in recognizing spear-phishing emails.
Description last updated: 2024-05-04T18:49:56.642Z
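The two TTPs the description names, MSBuild.exe used as a launcher for KamiKakaBot and DLL side-loading, are both visible in endpoint telemetry. The script below is an added hunting example, not code from Group-IB, Cybergeist, or any of the sources listed further down. It applies two heuristics to constructed Sysmon-style events: MSBuild.exe spawned by an Office, shell, or explorer parent or handed a project file in a user-writable directory (event ID 1), and a DLL loaded from a user-writable directory beside the executable that loads it (event ID 7). The parent-process list, the user-writable path regex, the trusted DLL directories, and all sample events are assumptions made for the example.

```python
"""Hunting heuristics for MSBuild.exe abuse and DLL side-loading.
Added example, not vendor or project code. Input events are dicts with
Sysmon field names (Image, ParentImage, CommandLine, ImageLoaded, Signed)."""

import re
from pathlib import PureWindowsPath

# Parents from which a developer build tool should not normally be spawned
# (assumption: these are the phishing-chain parents worth alerting on).
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "outlook.exe", "explorer.exe",
    "wscript.exe", "mshta.exe", "cmd.exe", "powershell.exe",
}

# Directories an ordinary user can write to without elevation (assumption).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\|temp\\)", re.I
)

# Locations where a system DLL is expected to live; a load from anywhere
# else is the candidate side-load (assumption: this short list is enough).
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\",
)


def _argv(cmdline):
    """Split a Windows command line, keeping quoted paths as one token."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def check_msbuild(ev):
    """Event 1 (process create): reasons MSBuild.exe looks like a LOLBin launch."""
    if PureWindowsPath(ev["Image"]).name.lower() != "msbuild.exe":
        return []
    reasons = []
    parent = PureWindowsPath(ev["ParentImage"]).name.lower()
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"spawned by {parent}")
    # Anything after the executable itself is a project file or switch.
    for arg in _argv(ev["CommandLine"])[1:]:
        if USER_WRITABLE.match(arg):
            reasons.append(f"project file in user-writable path: {arg}")
    return reasons


def check_sideload(ev):
    """Event 7 (image load): reasons the load looks like DLL side-loading."""
    dll = PureWindowsPath(ev["ImageLoaded"])
    exe = PureWindowsPath(ev["Image"])
    if dll.suffix.lower() != ".dll":
        return []
    if (str(dll.parent).lower() + "\\").startswith(TRUSTED_DLL_DIRS):
        return []
    # Gate: DLL sits next to the loading executable, in a user-writable path.
    same_dir = str(dll.parent).lower() == str(exe.parent).lower()
    if not (same_dir and USER_WRITABLE.match(str(exe))):
        return []
    reasons = [f"{dll.name} loaded from the executable's own user-writable directory"]
    if ev.get("Signed", "").lower() == "false":
        reasons.append(f"{dll.name} is unsigned")
    return reasons


def hunt(events):
    """Run both checks over a batch of events; return (rule, image, reasons) hits."""
    hits = []
    for ev in events:
        if ev["EventID"] == 1 and (r := check_msbuild(ev)):
            hits.append(("msbuild-lolbin", ev["Image"], r))
        elif ev["EventID"] == 7 and (r := check_sideload(ev)):
            hits.append(("dll-sideload", ev["Image"], r))
    return hits


# Constructed sample events; not real telemetry.
SAMPLE_EVENTS = [
    {   # Word spawning MSBuild with a project file in the user's temp directory
        "EventID": 1,
        "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" "C:\Users\alice\AppData\Local\Temp\report.xml"',
    },
    {   # Ordinary developer build started from Visual Studio
        "EventID": 1,
        "Image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
        "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
        "CommandLine": r'"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe" "C:\src\app\app.csproj" /t:Build',
    },
    {   # Executable in Downloads loading an unsigned DLL from its own folder
        "EventID": 7,
        "Image": r"C:\Users\alice\Downloads\invoice\viewer.exe",
        "ImageLoaded": r"C:\Users\alice\Downloads\invoice\version.dll",
        "Signed": "false",
    },
    {   # Same DLL name loaded from System32 by a system binary
        "EventID": 7,
        "Image": r"C:\Windows\System32\notepad.exe",
        "ImageLoaded": r"C:\Windows\System32\version.dll",
        "Signed": "true",
    },
]

if __name__ == "__main__":
    for rule, image, reasons in hunt(SAMPLE_EVENTS):
        print(rule, image, "; ".join(reasons))
```

Run against the sample batch it produces two hits, one per rule, and stays silent on the Visual Studio build and the System32 load. The side-loading gate will also fire on legitimate portable applications run from Downloads, so in production the co-location rule is best paired with the signer of the loading executable (a signed vendor binary loading an unsigned DLL beside itself) rather than used on its own.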
Aliases: none currently tracked
Miscellaneous associations (other elements of context that could aid in identifying relevance): APT, malware, phishing
Associated malware
KamiKakaBot (type unspecified, 4 votes): KamiKakaBot is a potent malware designed to extract sensitive information from popular browsers such as Chrome, MS Edge, and Firefox. Discovered by researchers, this malicious software is deployed by the Dark Pink APT group, primarily targeting the Asia-Pacific region. The malware infiltrates systems
Source document references
Information about the Dark Pink threat actor was read from the documents corpus below (display limited to 20 results).
CERT-EU (6 months ago): Cyber threats surge in APAC region, reveals Group-IB report
Securityaffairs (10 months ago): DarkCasino joins the list of APT groups exploiting WinRAR 0day
CERT-EU (a year ago): My Tea's not cold: an overview of China's cyber threat – Global Security Mag Online
CERT-EU (a year ago): Darkweb credit card marts in decline across Asia
CERT-EU (a year ago): KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets - GIXtools
BankInfoSecurity (a year ago): Dark Pink APT Group 'Very Likely' Back in Action
CSO Online (a year ago): Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia
InfoSecurity-magazine (a year ago): Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities
CERT-EU (a year ago): Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations – National Cyber Security Consulting
CERT-EU (a year ago): Hacker's Playbook Threat Coverage Roundup: March 28, 2023
CERT-EU (a year ago): Lancefly APT Custom Backdoor Targets Government and Aviation Sectors