Government and Military Institutions Under Persistent Attacks by Dark Pink Hackers

 

In 2023, the Dark Pink APT group was spotted targeting government, military, and education organisations in Indonesia, Brunei, and Vietnam.

The threat group has been active since at least mid-2021, primarily targeting companies in the Asia-Pacific region, but it was first publicly revealed in a Group-IB report in January 2023.

After analyzing indicators of earlier activity by the threat actor, the researchers identified more breaches against an educational institute in Belgium and a military entity in Thailand.

One of the group's PowerShell scripts is essential to Dark Pink’s lateral movement approach, helping it identify and interact with SMB shares on the network.
The script downloads a ZIP archive from GitHub, saves it to a local directory, and then creates LNK files on each SMB share that link to the malicious executable contained in the package. When these LNK files are opened, the malicious executable is launched, accelerating Dark Pink’s spread across the network and extending its reach to new systems.
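
A defender can hunt for the shortcut-planting behaviour described above by listing LNK files on file shares and flagging those whose target is an executable outside the usual install directories. The PowerShell below is an added example, not code from the original article or from Group-IB; the share path, look-back window and "expected directories" heuristic are assumptions to adapt to your environment.

```powershell
# Added example: defensive hunt for suspicious shortcuts on SMB shares.
param(
    [string[]]$SharePath = @('\\fileserver01\public'),  # hypothetical share; replace with your own
    [int]$RecentDays = 14                                # assumed look-back window
)

$shell  = New-Object -ComObject WScript.Shell
$cutoff = (Get-Date).AddDays(-$RecentDays)
# Directories where a shortcut target is normally expected to live (assumption).
$expectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) | Where-Object { $_ }

$findings = foreach ($root in $SharePath) {
    Get-ChildItem -LiteralPath $root -Filter *.lnk -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut only loads the existing .lnk; Save() is never called, so nothing is modified.
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        if (-not $target) { return }   # shortcut to a non-file object; skip this item

        $isExe      = $target -match '\.(exe|com|scr|bat|cmd|ps1)$'
        $inExpected = $false
        foreach ($r in $expectedRoots) {
            if ($target.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) { $inExpected = $true }
        }

        # Report executable targets that sit outside the expected install directories.
        if ($isExe -and -not $inExpected) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $target
                Arguments = $lnk.Arguments
                Created   = $_.CreationTime
                Recent    = ($_.CreationTime -ge $cutoff)
                Owner     = (Get-Acl -LiteralPath $_.FullName).Owner
            }
        }
    }
}

# Newest shortcuts first: a burst of identical targets across many shares is the pattern to look for.
$findings | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Shortcuts that invoke a system binary and pass the payload as an argument fall inside the expected directories and are not reported by this heuristic, so review the `Arguments` field of any wider LNK inventory separately.
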
Dark Pink also employs PowerShell commands to detect the presence of legitimate software and development tools on the infected device, which the group can then abuse.
These tools include ‘AccCheckConsole.exe,’ ‘remote.exe,’ ‘Extexport.exe,’ ‘MSPUB.exe,’ and ‘MSOHTMED.exe,’ all of which can be used for proxy execu

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
