Suspected state hackers stole military data from Philippines, Malaysia
A hacking campaign suspected to be linked to an Asian government breached seven high-profile targets in Southeast Asia and Europe, including government and military agencies, according to the cybersecurity firm Group-IB.
The newly identified hacker group, dubbed Dark Pink, used phishing emails and advanced malware to compromise the defenses of military branches in the Philippines and Malaysia, as well as government organizations in Cambodia, Indonesia, and Bosnia-Herzegovina, from September to December last year. Also targeted were a non-profit, a religious organization, and a European state development agency based in Vietnam, Singapore-based Group-IB said in a report published Wednesday.
The relevant government and military agencies in those countries didn’t immediately respond to emailed requests for comment.
“Dark Pink’s activity is significant, as it is clear that they attempted to steal documentation from compromised networks in order to find sensitive information,” said Andrey Polovinkin, a malware analyst at Group-IB. “Taking into account the group’s modus operandi, its target list that includes mainly government and military bodies, as well as their sophisticated toolset, Dark Pink is most likely a previously undocumented nation-state espionage campaign.”
The cyberattacks, which likely originated from the Asia-Pacific region, were aimed at corporate espionage, including stealing documents and recording audio from targeted devices, according to Group-IB. The hackers sent their targets emails containing a website link that could be used to download a malicious file, which would then steal personal information from the infected devices, including passwords, browser history, and data from social apps like Viber and Telegram.
Chinese researchers from the Zhejiang-based firm DAS-Security also published a report on the hackers, which the firm named Saaiwc Group, on WeChat last Friday. The firm said the group had targeted a Vietnamese leadership initiative run by the US State Department, the Philippines military, and Cambodia’s ministry of economy and finance in May, October, and November respectively.
Government and military organizations are frequently prime targets for hackers, given the confidential and sensitive data on their networks, and email continues to be one of the common breach methods. Asia became the region most targeted by cyberattacks, according to IBM Security’s threat intelligence index last year, receiving one in four recorded attacks. — Bloomberg