Malaysia has seen numerous reports of cyberattacks, most recently the one involving AirAsia, in which a ransomware group stole passenger and employee data. A cyberattack is a deliberate exploitation of computer systems, networks, or technology-dependent enterprises, using techniques such as malware, phishing, and social engineering to disrupt operations, steal sensitive data, or gain unauthorized access to systems.
These attacks can be launched by individuals, organized groups, or nation-states, and can have significant consequences for organizations and individuals, including financial loss, reputational damage, and disruption of critical infrastructure. Now there is news of yet another cyberattack, this time involving our military.
Malay Mail reports, citing Bloomberg, that a hacker group known as “Dark Pink” is targeting confidential government and military data in Malaysia and other Southeast Asian countries.
Group-IB, a cybersecurity company based in Singapore, stated that the group is suspected to have links to an Asian government and is using custom-made malware to infiltrate seven high-profile targets in Southeast Asia and Europe.
According to Group-IB:
The name Dark Pink was coined by forming a hybrid of some of the email addresses used by the threat actors during data exfiltration.
Bloomberg added that this recently discovered hacker group used phishing emails and advanced malware to infiltrate and attack military organizations in the Philippines and Malaysia, as well as in Cambodia, Indonesia, and Bosnia-Herzegovina.
The attacks occurred between September and December of last year. The group also targeted a non-profit, a religious organization, and a European state development agency based in Vietnam.
According to Group-IB’s malware analyst Andrey Polovinkin, the Dark Pink hacker group’s activity is noteworthy as it is evident that they were trying to steal documentation from networks they had infiltrated in order to obtain sensitive information.
The analyst said:
Taking into account the group’s modus operandi, its target list that includes mainly government and military bodies, as well as their sophisticated toolset, Dark Pink is most likely a previously undocumented nation-state espionage campaign.
The cyberattacks, which likely originated from the Asia Pacific region, were aimed at corporate espionage. The hackers sent phishing emails containing a link to download a malicious file, which would then steal personal information from infected devices, including passwords, browser history, and data from social apps like Viber and Telegram.
Chinese researchers from the Zhejiang-based firm DAS-Security also published a report on WeChat last Friday naming the group as Saaiwc Group.
The group targeted a Vietnamese leadership initiative led by the US State Department, the Philippines military, and Cambodia’s ministry of economy and finance in various months in 2021, according to Bloomberg.
The report stated that government and military organizations are commonly targeted by hackers because of the sensitive information on their networks, and that email is still a common way for hackers to gain access.
IBM Security’s threat intelligence index reported that Asia received one out of every four recorded cyberattacks last year. Group-IB’s Threat Intelligence confirmed that Dark Pink executed seven attacks, and speculates that the group likely emerged in mid-2021, based on a discovered GitHub account.
Group-IB’s previous research has linked nation-state threat actors from China, North Korea, Iran, and Pakistan to increased cyber threats in the Asia Pacific region, which it sees as a major area for Advanced Persistent Threat (APT) activity. The research also warned that such attacks are typically carried out for the purpose of espionage.
For more in-depth and technical information, you can read Group-IB’s report HERE.