KUALA LUMPUR, Jan 12 — Malaysia and other South-east Asian countries are under a new cyber threat from a hacker group targeting confidential government and military data, according to a report by news agency Bloomberg.
Citing information from Group-IB, a Singapore-based cybersecurity company, Bloomberg reported that a hacker group dubbed “Dark Pink” which is suspected to be linked to an Asian government, is using custom malware to infiltrate its seven high-profile targets in South-east Asia and Europe.
“The newly identified hacker group, dubbed Dark Pink, used phishing emails and advanced malware to compromise the defenses of military branches in the Philippines and Malaysia, in Cambodia, Indonesia, and Bosnia-Herzegovina, from September to December last year.
“Also targeted were a non-profit, a religious organisation, and a European state development agency based in Vietnam,” Bloomberg said in a report yesterday.
Group-IB’s malware analyst Andrey Polovinkin said Dark Pink’s activity is significant, as it is clear that they attempted to steal documentation from compromised networks in order to find sensitive information.
“Taking into account the group’s modus operandi, its target list that includes mainly government and military bodies, as well as their sophisticated toolset, Dark Pink is most likely a previously undocumented nation-state espionage campaign,” he was quoted as saying.
The report added that the cyberattacks that likely originated from the Asia Pacific region were aimed at corporate espionage, including by stealing documents and recording audio from targeted devices.
“The hackers sent their targets emails containing a website link that could be used to download a malicious file, which would then steal personal information from the infected devices including passwords, browser history, and data from social apps like Viber and Telegram.”
The report also said Chinese researchers from the Zhejiang-based firm DAS-Security also published a report on WeChat last Friday regarding the hackers, which it named Saaiwc Group.
It said the group had targeted a Vietnamese leadership initiative run by the US State Department, the Philippines military, and Cambodia’s ministry of economy and finance in May, October, and November respectively.
Bloomberg said government and military organisations were being frequent prime targets for hackers due to the confidential and sensitive data on their networks.
It pointed out that email continues to be one of the common breach methods by hackers.
“Asia became the region most targeted by cyberattacks, according to IBM Security’s threat intelligence index last year, receiving one in four recorded attacks.”
Group-IB’s sector-leading Threat Intelligence confirmed seven attacks by Dark Pink, which it believes most probably emerged as early as mid-2021 based on a discovered GitHub account.
GitHub is a web-based interface code hosting platform for version control and collaboration. It lets the user and others work together on projects from anywhere.
Group-IB’s previous research have tied various nation-state threat actors from China, North Korea, Iran, and Pakistan to increased cyber threats in the Asia Pacific region, which it considers a “key arena” of APT activity.
The research cautions that such attacks are usually carried out for the purpose of espionage.