Asian Threat Group Dark Pink Keeps Expanding Footprint, Adds Five New Victims

NSO now under new leadership, Attackers target wallets in Discord communities, .ZIP phishing toolkit developed, Lazarus targets Windows IIS, El Dorado hacker returns $400K, much more

Check out my latest CSO column on cybersecurity pioneer Mikko Hyppönen, who thinks we’ll see AI-powered automated malware campaigns within months.

Image creation from Dall-E2

Researchers at Group-IB say that a hacking group dubbed Dark Pink, suspected of ties to an Asian government has broadened its targets to government agencies in new countries, including Indonesia and Brunei, carrying out cyber espionage as recently as April.

The group infiltrated five new targets using sophisticated malware and phishing emails. Their victims included government agencies in Brunei and Indonesia, a military body in Thailand, a non-profit organization in Vietnam, and an educational institution in Belgium. Group-IB says that 13 organizations in 9 countries have fallen victim to this malicious actor.

“There is mounting evidence suggesting that Dark Pink is not a one-time campaign carried out by a known APT group, but rather a distinct and continuously evolving threat,” Group-IB malware analyst Andrey Polov…