A hacking group suspected of ties to an Asian government has broadened its targets to government agencies in countries including Thailand and Indonesia, carrying out cyber-espionage as recently as April, the cybersecurity firm Group-IB says.
The perpetrators, dubbed Dark Pink by the Singapore-based company, infiltrated five new targets using sophisticated malware and phishing emails.
Their victims included government agencies in Brunei and Indonesia, an unidentified military body in Thailand in October last year, a non-profit organisation in Vietnam and an educational institution in Belgium.
The five targets joined eight previously identified targets across Southeast Asia and Europe, Group-IB said in a report published on Wednesday on its website.
Government and military organisations are prime targets for hackers given the confidential and sensitive data on their networks. Phishing emails are the top threat in Asia, a region that endured the highest number of cyberattacks in the world last year, comprising nearly a third of all global attacks, according to IBM Security’s annual threat index.
The government and military agencies in the specified countries did not respond to emailed requests for comment.
“There is mounting evidence suggesting that Dark Pink is not a one-time campaign carried out by a known APT (advanced persistent threat) group, but rather a distinct and continuously evolving threat,” Group-IB malware analyst Andrey Polovinkin said, referring to advanced persistent threats or stealthy cyberattacks often sponsored by a government.
“The risk of highly damaging confidential data leaks remains alarmingly high.”
While Dark Pink’s exact identity has not been confirmed, researchers say it most likely originates from the Asia-Pacific region given the location of the targets and evolving sophistication of its methods, including advanced malware built into a program posing as a Microsoft Word file.
It was previously reported to have begun its hacking campaign in June 2021, and to have stolen documents and recorded audio from infected devices. In addition to the latest April attack on an Indonesian government agency, Group-IB researchers identified updated files from Dark Pink as recently as May, suggesting the group has continued its work.
Chinese researchers from the Zhejiang-based firm DAS-Security also attributed to the same group attacks on the Philippine military, the Cambodian economy and finance ministry and the Indonesian foreign ministry.
DAS-Security said the hackers, which it labelled the Saaiwc Group, were geopolitically motivated, citing the group’s “covert targeting of Association of Southeast Asian Nations countries’ military and foreign ministry departments” in a report in February.