• Thu. Oct 12th, 2023

Dark Pink: masters of disguise or elite cybercriminal agents?

Avatar photo

ByEsme Greene

Jul 9, 2023
Dark Pink: cybercriminal agents or disguises?
Esme Greene
Latest posts by Esme Greene (see all)

Cybersecurity researchers have connected five fresh assaults against diverse firms in Belgium, Brunei, Indonesia, Thailand, and Vietnam to a cybercriminal outfit named Dark Pink, also known as the Saaiwc Group. Educational institutions, governmental organizations, military groups, and non-profit organizations were the victims of the hackers.

Dark Pink is a sophisticated hacker collective that predominantly targets targets in East Asia and, to a lesser degree, Europe. It appears to have originated in the Asia-Pacific region.

What is Known About Cyber Threats

Attacks by Dark Pink continue to use ISO images that are sent via phishing emails to the target device. Following the initial infection, DLL Sideloading launches the “TelePowerBot” and “KamiKakaBot” brand-named backdoors of cybercriminals. Backdoors, in turn, offer a number of features to steal private information from infected hosts.

Andrey Polovinkin, a malware analyst at Group-IB, revealed in a technical paper that “once the attackers gain access to the target’s network, they use advanced access retention mechanisms to remain undetected and maintain control over the compromised system.”

To prevent researchers from being able to analyze the Dark Pink hacker group’s attack sequence, adjustments were made. The KamiKakaBot currently has different features for device control and data collecting, and it is controlled by hackers via Telegram. Group-IB discovered a fresh GitHub account associated with Dark Pink that has just been posted ZIP archives, PowerShell scripts, and malicious tools.

Dark Pink uses Telegram for command and control (C2) activities and also uses the “webhook.site” service to steal data through HTTP. They make use of a malicious Microsoft Excel add-on to keep TelePowerBot accessible on affected hosts.

Unsolved Mystery

The reason behind Dark Pink’s espionage remains a mystery. It’s believed that their objectives are more extensive than first thought. Only 13 attacks have been traced to the group since mid-2021, with five new victims; this low number implies the gang prefers to keep a low profile and choose its targets carefully to reduce the chance of being discovered. In order to remain undetected, hackers improve their tools when they aren’t actively working.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.