Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. Most of the attacks were focused on countries in Southeast Asia, though one of them targeted an entity in Bosnia and Herzegovina.
“A large part of the success of Dark Pink was down to the spear-phishing emails used to gain initial access. In one such attack, Group-IB was able to find the original email sent by the threat actors,” the researchers write. “In this one instance, the threat actor posed as a job applicant applying for the position of PR and Communications intern. In the email, the threat actor mentions that they found the vacancy on a jobseeker site, which could suggest that the threat actors scan job boards and use this information to create highly relevant phishing emails.”
The spear phishing emails were designed to trick employees into downloading an ISO file containing malware.
“The emails contain a shortened URL linking to a free-to-use file sharing site, where the victim is presented with the option to download an ISO image that contains all the files needed for the threat actors to infect the victim’s network,” Group-IB says. “During our investigation into Dark Pink, we discovered that the threat actors leveraged several different ISO images, and we also noted that the documents contained in these ISO images varied from case to case. According to the information available to us, we strongly believe that the Dark Pink threat actors craft a unique email to each victim, and we do not discount that the threat actors can send the malicious ISO image as a direct attachment to the victim via email.”
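A mail-triage check for the delivery chain described above (a shortened URL in the body, or an ISO image attached directly), as an added example that is not from Group-IB or the original article. The shortener host list and the sample message are constructed assumptions; the ISO 9660 signature check also catches an image whose file extension was changed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumption: illustrative shortener hosts; substitute your organisation's own list.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}
ISO9660_MAGIC = b"CD001"   # ISO 9660 volume descriptor identifier
ISO9660_OFFSET = 0x8001    # sector 16 (16 * 2048 bytes) plus the 1-byte type field
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def looks_like_iso(name, data):
    # Flag by extension first, then by content so a renamed image is still caught.
    if (name or "").lower().endswith(".iso"):
        return True
    return data[ISO9660_OFFSET:ISO9660_OFFSET + 5] == ISO9660_MAGIC

def triage(raw):
    # Return (finding, detail) tuples for one raw RFC 5322 message.
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            if looks_like_iso(part.get_filename(), data):
                findings.append(("iso_attachment", part.get_filename() or "(unnamed)"))
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                host = (urlsplit(url).hostname or "").lower()
                if host in SHORTENER_HOSTS:
                    findings.append(("shortened_url", url))
    return findings

def build_sample():
    # Constructed sample: job-application lure with a short link and a renamed ISO.
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.org"
    msg["Subject"] = "Application: PR and Communications intern"
    msg.set_content("My CV is here: https://bit.ly/EXAMPLE\n")
    fake_iso = bytes(ISO9660_OFFSET) + ISO9660_MAGIC + bytes(32)
    msg.add_attachment(fake_iso, maintype="application",
                       subtype="octet-stream", filename="cv.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A hit on either finding is a reason to hold the message for review, not proof of compromise, since shortened links and disk images both have legitimate uses.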
New-school security awareness training can give your employees a healthy sense of suspicion so they can thwart targeted social engineering attacks.
Group-IB has the story.