silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,151
The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot.
Dark Pink, also called Saaiwc, was extensively profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate sensitive information. The threat actor is suspected to be of Asia-Pacific origin and has been active since at least mid-2021, with an increased tempo observed in 2022.
"The latest attacks, which took place in February 2023, were almost identical to previous attacks," Dutch cybersecurity company EclecticIQ disclosed in a new report published last week.
"The main difference in the February campaign is that the malware's obfuscation routine has improved to better evade anti-malware measures."
KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets
Dark Pink is suspected to be of Asia-Pacific origin and has been linked to attacks targeting government and military entities with KamiKakaBot malware
thehackernews.com
