A notorious hacking group known as Dark Pink has recently carried out five targeted attacks on governments, militaries, and organizations in Belgium, Thailand, Brunei, Vietnam, and Indonesia.
For several months, cybersecurity experts from Group-IB have closely monitored the activities of Dark Pink. The group has been active since mid-2021, successfully compromising at least 13 organizations across Europe and the Asia-Pacific region.
This advanced persistent threat (APT) group primarily focuses on extracting valuable data and has yet to be linked to any specific country or previously known hacking group.
The latest wave of attacks occurred in January and April, targeting government ministries in Brunei and Indonesia. However, further investigations by the researchers revealed an earlier attack on an educational organization in Belgium dating back to February 2022.
In addition to the aforementioned attack in Belgium and the two most recent incidents, Group-IB also uncovered two other attacks. One targeted a military organization in Thailand in October 2022, while the other affected a nonprofit organization in Vietnam in late December 2022.
“While the majority of the attacks were concentrated in the Asia-Pacific region, it is noteworthy that two European-based organizations were also targeted. This suggests that the threat actor’s geographical scope might be wider than initially believed,” explained the researchers.
“The occurrence of two attacks in 2023 indicates that Dark Pink remains active and continues to pose an ongoing risk to organizations. The evidence suggests that the cybercriminals responsible for these attacks regularly update their existing tools to evade detection.”
In earlier reports this year, Group-IB, alongside other security firms, had identified attacks against “high-profile targets” in Cambodia, Indonesia, Malaysia, the Philippines, Vietnam, as well as Bosnia and Herzegovina.