
MA-906.012023: MyCERT Advisory – New Dark Pink APT Group Targets Government and Military Organisations in APAC Countries

Introduction

Recently, MyCERT was informed of an APT attack that targeted several countries in the APAC region, particularly in South East Asia. The activity is possibly linked to the threat actor (TA) Dark Pink, a name given by Group-IB and generally associated with APT attacks. However, at present, Group-IB cannot attribute the campaign to any known threat actor, making it highly likely that Dark Pink is an entirely new APT group. The name Dark Pink was coined based on some of the email addresses used by the threat actors during data exfiltration. The APT group has also been termed Saaiwc Group by Chinese cybersecurity researchers.

Dark Pink launched seven successful attacks against high-profile targets between June and December 2022. The victims are located in five APAC countries (Vietnam, Malaysia, Indonesia, Cambodia and the Philippines) and one European country (Bosnia and Herzegovina). Victims included military bodies, government and development agencies, religious organisations, and non-profit organisations. For instance, one unsuccessful attack was launched against a European state development agency based in Vietnam in October 2022.
