"Dark Pink APT Group Expands Tooling and Targets"

The scope of a cyberattack campaign from APT group Dark Pink is broader than researchers first thought, with researchers identifying five new victims. The group is linked to the Chinese state and was previously thought to focus its efforts mainly on Southeast Asian countries. However, security researchers at Group-IB have discovered new victims, including one in Belgium, as well as the group's first targets in Thailand and Brunei. The researchers stated that the group uses a range of sophisticated custom tools and deploys multiple kill chains relying on spear-phishing emails. Once the attackers gain access to a target's network, they use advanced persistence mechanisms to stay undetected and maintain control over the compromised system. Among the updates to its tactics, techniques, and procedures (TTPs) is a new version of the KamiKakaBot malware, with functionality now split into two parts: one dedicated to controlling devices and the other to stealing data. The researchers also found a new GitHub account that hosts modules that can be installed onto victim machines when directed to do so by malicious code. Payloads are also being distributed through the TextBin[.]net service. The researchers also saw Dark Pink exfiltrate stolen data over HTTP using a service called Webhook.
Infosecurity reports: "Dark Pink APT Group Expands Tooling and Targets"