Who is Dark Pink APT?
Dark Pink APT is a group of cybercriminals active since 2018, according to researchers at Kaspersky. This group has targeted entities in South Asia, including governments and military organisations. The group uses various tools and techniques to achieve their objectives, most recently deploying a new malware known as KamiKakaBot.
What Happened?
The threat actor known as Dark Pink has been associated with deployments of the KamiKakaBot malware against multiple government entities in ASEAN (Association of Southeast Asian Nations) countries.
Threat researchers explained their findings that the observed attacks took place in February. Researchers found Dark Pink APT using phishing emails or social engineering lures against military and government organisations in Southeast Asian nations to deliver KamiKakaBot.
What is KamiKakaBot?
KamiKakaBot is a malicious bot designed by the Dark Pink APT Group to target victims in South Asia. It has been observed using spear phishing, credential harvesting, and command-and-control (C2) communication. It can download and execute additional payloads to gain persistence on infected systems. It also can gather system information, steal credentials, and exfiltrate data.
What Are the Implications of KamiKakaBot?
The deployment of KamiKakaBot by Dark Pink APT could have profound implications for organisations in South Asia. It could result in the theft of sensitive information or disruption of services, as well as the installation of additional malware that could remain undetected for extended periods. The group has already successfully compromised government, military and other high-value targets in the region, so it is essential for organisations to ensure they have adequate security measures in place.
Here at DarkInvader, we provide actionable intelligence, to help managers predict, plan and prepare for future security breaches.
For the full story and our consultant's expert advice, listen to their discussion below on this week's ThreatBite episode.
