A hacking group suspected of ties to an Asian government has broadened its targets to government agencies in countries including Indonesia and Thailand, carrying out cyber-espionage as recently as April, cybersecurity firm Group-IB says.
The perpetrators, dubbed Dark Pink by the Singapore-based company, infiltrated targets in five new nations using sophisticated malware and phishing emails. Their victims included government agencies in Brunei and Indonesia, a military body in Thailand, a non-profit organization in Vietnam and an educational institution in Belgium. The five nations joined eight previously identified targets across Southeast Asia and Europe, Group-IB said in a report published Wednesday.
Government and military organizations are prime targets for hackers given the confidential and sensitive data on their networks. Phishing emails are the top threat in Asia, a region that endured the highest number of cyberattacks in the world last year, comprising nearly a third of all global attacks, according to IBM Security’s annual threat index. The government and military agencies in the specified countries didn’t respond to emailed requests for comment.
“There is mounting evidence suggesting that Dark Pink is not a one-time campaign carried out by a known APT group, but rather a distinct and continuously evolving threat,” Group-IB malware analyst Andrey Polovinkin said, referring to advanced persistent threats or stealthy cyberattacks often sponsored by a government. “The risk of highly damaging confidential data leaks remains alarmingly high.”
Read more: Suspected State Hackers Stole Military Data From Asian Countries
While Dark Pink’s exact identity hasn’t been confirmed, researchers say it most likely originates from the Asia-Pacific given the location of the targets and evolving sophistication of its methods, including advanced malware built into a program posing as a Microsoft Word file. It was previously reported to have begun its hacking campaign in June 2021, and to have stolen documents and recorded audio from infected devices.
Chinese researchers from the Zhejiang-based firm DAS-Security also attributed attacks by the same group on the Philippine military, Cambodia’s economy and finance ministry and Indonesia’s foreign ministry. DAS-Security said the hackers, which they labeled the Saaiwc Group, were geopolitically motivated. That’s because of its “covert targeting of Association of Southeast Asian Nation countries’ military and foreign ministry departments,” it said in a February report.
--With assistance from Jamie Tarabay.