Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities

This blog covers the recent hack of Dark Pink APT Group and how they used phishing emails to lure military and government organisations to deliver KamiKakaBot.

Who is Dark Pink APT?

Dark Pink APT is a group of cybercriminals active since 2018, according to researchers at Kaspersky. This group has targeted entities in South Asia, including governments and military organisations. The group uses various tools and techniques to achieve their objectives, most recently deploying a new malware known as KamiKakaBot.


What Happened?

The threat actor known as Dark Pink has been associated with deployments of the KamiKakaBot malware against multiple government entities in ASEAN (Association of Southeast Asian Nations) countries.

Threat researchers explained their findings that the observed attacks took place in February. Researchers found Dark Pink APT using phishing emails or social engineering lures against military and government organisations in Southeast Asian nations to deliver KamiKakaBot.


What is KamiKakaBot?

KamiKakaBot is a malicious bot designed by the Dark Pink APT Group to target victims in South Asia. It has been observed using spear phishing, credential harvesting, and command-and-control (C2) communication. It can download and execute additional payloads to gain persistence on infected systems. It also can gather system information, steal credentials, and exfiltrate data.


What Are the Implications of KamiKakaBot?

The deployment of KamiKakaBot by Dark Pink APT could have profound implications for organisations in South Asia. It could result in the theft of sensitive information or disruption of services, as well as the installation of additional malware that could remain undetected for extended periods.  The group has already successfully compromised government, military and other high-value targets in the region, so it is essential for organisations to ensure they have adequate security measures in place.

Here at DarkInvader, we provide actionable intelligence, to help managers predict, plan and prepare for future security breaches.


For the full story and our consultant's expert advice, listen to their discussion below on this week's ThreatBite episode.



blog

Related articles

Black Basta Cyber Attack Hits Capita

April 25, 2023

Read
Dark Web

Why Has There Been a Recent Spike in Ransomware Attacks

January 24, 2023

Read
Tech

Why Should Businesses Actively Search for Threats?

December 20, 2022

Read
Advice

It’s Time to Update Your Privacy Settings

October 14, 2022

Read
Advice

Why Should you Monitor the Dark Web?

September 8, 2022

Read
Dark Web

Is it Illegal to Browse the Dark Web?

September 8, 2022

Read
Dark Web