Cybercrime
Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities
Barnarby Holdsworth-Kirby
September 20, 2024
Summary
This blog covers the recent hack of Dark Pink APT Group and how they used phishing emails to lure military and government organisations to deliver KamiKakaBot. Read our blog to uncover the full story.

Who is Dark Pink APT?

Dark Pink APT is a group of cybercriminals active since 2018, according to researchers at Kaspersky. This group has targeted entities in South Asia, including governments and military organisations. The group uses various tools and techniques to achieve their objectives, most recently deploying a new malware known as KamiKakaBot.


What Happened?

The threat actor known as Dark Pink has been associated with deployments of the KamiKakaBot malware against multiple government entities in ASEAN (Association of Southeast Asian Nations) countries.

Threat researchers explained their findings that the observed attacks took place in February. Researchers found Dark Pink APT using phishing emails or social engineering lures against military and government organisations in Southeast Asian nations to deliver KamiKakaBot.


What is KamiKakaBot?

KamiKakaBot is a malicious bot designed by the Dark Pink APT Group to target victims in South Asia. It has been observed using spear phishing, credential harvesting, and command-and-control (C2) communication. It can download and execute additional payloads to gain persistence on infected systems. It also can gather system information, steal credentials, and exfiltrate data.


What Are the Implications of KamiKakaBot?

The deployment of KamiKakaBot by Dark Pink APT could have profound implications for organisations in South Asia. It could result in the theft of sensitive information or disruption of services, as well as the installation of additional malware that could remain undetected for extended periods.  The group has already successfully compromised government, military and other high-value targets in the region, so it is essential for organisations to ensure they have adequate security measures in place.

Here at DarkInvader, we offer our Threat Intelligence & Dark Web Monitoring services to provide actionable intelligence, to help managers predict, plan and prepare for future security breaches.


For the full story and our consultant's expert advice, listen to their discussion below on this week's ThreatBite episode.



Barnarby Holdsworth-Kirby

Barnaby Holdsworth-Kirby is an award-nominated open-source investigator at DarkInvader and a proud member of the UK OSINT community. With deep expertise and a passion for uncovering hidden insights, Barnaby is dedicated to advancing the field of open-source intelligence, helping organisations navigate complex security challenges with precision and insight.

Sign Up for Your Free Account

Unlock continuous, real-time security monitoring with DarkInsight. Sign up for your free account today and start protecting your external attack surface from potential threats.

Create My Free Account

Platform Features

Asset DiscoveryAsset MonitoringVulnerability ScanningDark Web MonitoringLeaked Credentials
OSINT MonitoringDNS MonitoringBrand MonitoringVIP MonitoringResearch TeamWebsite Takedowns
Management ReportsThird-Party IntegrationsClient-Facing API

Company

PlansAboutPartnersContact

Resources

Blog

DarkInvader, Calls Wharf, 2 The Calls, Leeds, LS2 7JU
 ©2024 DarkInvader, All Rights Reserved