A previously unknown “advanced persistent threat” (APT) actor is targeting government and military organizations in the Asia-Pacific region, according to a report from Singapore-based cybersecurity firm Group-IB.
The company, which is tracking the campaign under the name “Dark Pink,” has attributed seven successful attacks to the adversarial collective between June and December 2022.
The majority of the attacks have targeted military bodies, government agencies, and religious and non-profit organizations in Cambodia, Indonesia, Malaysia, the Philippines, Vietnam, and Bosnia and Herzegovina.
Group-IB estimates that the APT group began operations in mid-2021, using a custom toolkit designed to extract valuable information from compromised networks.
The group has been observed using spear-phishing emails and relying on the Telegram API for command-and-control communications.
Group-IB noted that the threat actor is likely of Asia-Pacific origin given the geolocation of identified victims, but there is currently not enough data to explicitly attribute it to a particular country.