Introduction
DarkPink is an APT group that has been active since mid-2021, primarily targeting government, military, and non-profit organizations in Southeast Asia and Europe. The group employs spear phishing techniques, utilizing ISO images and malicious PDF files to deliver custom Trojan programs like TelePowerBot and KamiKakaBot for information theft. They have exploited vulnerabilities such as CVE-2023-38831 to enhance their attack processes and maintain persistence through DLL side-loading and scheduled tasks. DarkPinkβs operations are characterized by stealth and precision, making them a significant threat in the cyber landscape.
Activities and Tactics
Country of Origin: π¨π³ China
First Seen: 2023
Last Activity: 2023
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- PowerDuke
- POWERSTATS
- Power Loader
- Trojan.Karagany
- POWERSOURCE
- Trojan.Mebromi
- CyberGate
- Cyber Eye RAT
- Xploit
- PowerRAT
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
References pending cataloguing.