Suspected state hackers hit govt, military targets in S-E Asia


SINGAPORE - A hacking campaign suspected to be linked to an Asian government breached seven high-profile targets in South-east Asia and Europe, including government and military agencies, according to cyber-security firm Group-IB.

The newly identified hacker group, dubbed Dark Pink, used phishing e-mail messages and advanced malware to compromise the defences of military branches in the Philippines and Malaysia, as well as government organisations in Cambodia, Indonesia and Bosnia-Herzegovina, from September to December 2022.

Also targeted were a non-profit group, a religious organisation and a European state development agency based in Vietnam, Singapore-based Group-IB said in a report published on Wednesday.

The relevant government and military agencies in those countries did not immediately respond to e-mail requests for comment.

“Dark Pink’s activity is significant, as it is clear that they attempted to steal documentation from compromised networks in order to find sensitive information,” said Mr Andrey Polovinkin, a malware analyst at Group-IB.

“Taking into account the group’s modus operandi, its target list that includes mainly government and military bodies, as well as their sophisticated toolset, Dark Pink is most likely a previously undocumented nation-state espionage campaign.”

The cyber attacks, which likely originated from the Asia-Pacific region, were aimed at corporate espionage, including stealing documents and recording audio from targeted devices, according to Group-IB.

The hackers sent their targets e-mail messages containing a website link that could be used to download a malicious file, which would then steal personal information from the infected devices, including passwords, browser history and data from social apps like Viber and Telegram.

Chinese researchers from Zhejiang-based firm DAS-Security also published a report on WeChat last Friday on the hackers, which it named Saaiwc Group.

It said the group had targeted a Vietnamese leadership initiative run by the US State Department, the Philippines military and Cambodia’s Ministry of Economy and Finance in May, October and November, respectively.

Government and military organisations are frequently prime targets for hackers, given the confidential and sensitive data on their networks, and e-mail continues to be one of the common breach methods.

Asia became the region most targeted by cyber attacks, according to IBM Security’s threat intelligence index last year, receiving one in four recorded attacks. BLOOMBERG
