Continue reading this on our app for a better experience

Open in App
Floating Button
Home News Tech

Suspected state-backed hackers hit series of new targets

Bloomberg
Bloomberg • 3 min read
Suspected state-backed hackers hit series of new targets
A hacking group suspected of ties to an Asian government has broadened its targets to government agencies in countries including Indonesia and Thailand. Photo: Bloomberg
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

A hacking group suspected of ties to an Asian government has broadened its targets to government agencies in countries including Indonesia and Thailand, carrying out cyber-espionage as recently as April, cybersecurity firm Group-IB says.

The perpetrators, dubbed Dark Pink by the Singapore-based company, infiltrated five new targets using sophisticated malware and phishing emails. Their victims included government agencies in Brunei and Indonesia, a military body in Thailand, a non-profit organization in Vietnam and an educational institution in Belgium. The five targets joined eight previously identified targets across Southeast Asia and Europe, Group-IB said in a report published Wednesday.

Government and military organizations are prime targets for hackers given the confidential and sensitive data on their networks. Phishing emails are the top threat in Asia, a region that endured the highest number of cyberattacks in the world last year, comprising nearly a third of all global attacks, according to IBM Security’s annual threat index. The government and military agencies in the specified countries didn’t respond to emailed requests for comment.

“There is mounting evidence suggesting that Dark Pink is not a one-time campaign carried out by a known APT group, but rather a distinct and continuously evolving threat,” Group-IB malware analyst Andrey Polovinkin said, referring to advanced persistent threats or stealthy cyberattacks often sponsored by a government. “The risk of highly damaging confidential data leaks remains alarmingly high.”

While Dark Pink’s exact identity hasn’t been confirmed, researchers say it most likely originates from the Asia-Pacific given the location of the targets and evolving sophistication of its methods, including advanced malware built into a program posing as a Microsoft Word file.

It was previously reported to have begun its hacking campaign in June 2021, and to have stolen documents and recorded audio from infected devices. In addition to the latest April attack on an Indonesian government agency, Group-IB researchers identified updated files from Dark Pink as recently as May, suggesting the group has continued its work.

See also: Australia’s social media ban for under 16s to become law

Chinese researchers from the Zhejiang-based firm DAS-Security also attributed attacks by the same group on the Philippine military, Cambodia’s economy and finance ministry and Indonesia’s foreign ministry. DAS-Security said the hackers, which they labelled the Saaiwc Group, were geopolitically motivated. That’s because of its “covert targeting of Association of Southeast Asian Nation countries’ military and foreign ministry departments,” it said in a February report.

×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.