Features
Attack Surface MappingVIP MonitoringBrand IntelligenceCredential ExposureDark Web MonitoringOSINTResearch TeamThreat HuntingThreat Intelligence
MSSP Partners
About
Platform
Blog
Contact Us
Contact Us
Contact Us
Contact Us

Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities

This blog covers the recent hack of Dark Pink APT Group and how they used phishing emails to lure military and government organisations to deliver KamiKakaBot. Read our blog to uncover the full story.

STORMBREAKER

May 10, 2023

Advice

Who is Dark Pink APT?

Dark Pink APT is a group of cybercriminals active since 2018, according to researchers at Kaspersky. This group has targeted entities in South Asia, including governments and military organisations. The group uses various tools and techniques to achieve their objectives, most recently deploying a new malware known as KamiKakaBot.


What Happened?

The threat actor known as Dark Pink has been associated with deployments of the KamiKakaBot malware against multiple government entities in ASEAN (Association of Southeast Asian Nations) countries.

Threat researchers explained their findings that the observed attacks took place in February. Researchers found Dark Pink APT using phishing emails or social engineering lures against military and government organisations in Southeast Asian nations to deliver KamiKakaBot.


What is KamiKakaBot?

KamiKakaBot is a malicious bot designed by the Dark Pink APT Group to target victims in South Asia. It has been observed using spear phishing, credential harvesting, and command-and-control (C2) communication. It can download and execute additional payloads to gain persistence on infected systems. It also can gather system information, steal credentials, and exfiltrate data.


What Are the Implications of KamiKakaBot?

The deployment of KamiKakaBot by Dark Pink APT could have profound implications for organisations in South Asia. It could result in the theft of sensitive information or disruption of services, as well as the installation of additional malware that could remain undetected for extended periods.  The group has already successfully compromised government, military and other high-value targets in the region, so it is essential for organisations to ensure they have adequate security measures in place.

Here at DarkInvader, we offer our Threat Intelligence & Dark Web Monitoring services to provide actionable intelligence, to help managers predict, plan and prepare for future security breaches.


For the full story and our consultant's expert advice, listen to their discussion below on this week's ThreatBite episode.



STORMBREAKER

Dark Web Researcher

As a researcher at DarkInvader, STORMBREAKER expertise lies in collecting, analysing, and disseminating information about potential cyber threats to an organisation.

Categories

News
Ransomware Gangs
Tech
Advice
Threat Intelligence
Dark Web
OSINT

Month

JanFebMarAprilMayJuneJulyAugustSepOctNovDec

blog

Related articles

No items found.
Book
Book

Features

Threat HuntingAttack Surface MappingThreat IntelligenceResearch TeamVIP MonitoringOSINTCredential ExposureBrand IntelligenceDark Web Monitoring

Partners

MSSP Partners

Company

About DarkinvaderThe PlatformContact

Resources

Portal Log-inArticles

DarkInvader
Calls Wharf, 2 The Calls,
Leeds, LS2 7JU



©2023 DarkInvader
All Rights Reserve