A dangerous new threat group is operating in the Asia-Pacific region, and it has been observed targeting government offices and military organisations.
The threat actor appears to be using unconventional methods to steal sensitive data from endpoints, as reported by several cybersecurity companies.
Two cybersecurity companies, Group-IB and Anheng Hunting Labs, were the first to track the attackers: one refers to them as Dark Pink, the other as Saaiwc Group. The hackers use spear-phishing attacks for initial access, and infected USB devices facilitate further spread inside a victim's network.
Taking advantage of a well-known weakness
The spear-phishing emails sometimes take the form of bogus job applications with malicious ISO files attached. The documents inside exploit a critical, long-known flaw in Office/WordPad (CVE-2017-0199) to remotely install one of two custom-built infostealers, Ctealer or Cucky. Afterwards the attackers deploy a registry implant known as TelePowerBot.
In another approach, the group used KamiKakaBot, a malware that is programmed to receive and execute commands.
Cucky and Ctealer were built to steal passwords, browsing history, saved credentials and cookies (among other things) from most of today's common web browsers. More alarmingly, the gang can also access messaging apps, steal documents and record audio from compromised devices' microphones.
During infection, the threat actors run several common commands (such as net share and Get-SmbShare) from the compromised machine to learn which shares are reachable on the network. “If we discover network disc use, we will immediately begin studying this disc in search of data that may be of interest to us and perhaps exfiltrate them,” Group-IB said.
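The share-discovery step above is one of the few parts of the chain that produces clean, built-in telemetry: the commands show up in process-creation events (Sysmon Event ID 1, Windows Security 4688) or PowerShell logging. The script below is an added example, not code from the article, Group-IB or Anheng Hunting Labs. It runs simple detection logic over a handful of constructed log lines in a made-up one-line format (`<timestamp> host=<name> user=<name> cmd=<command line>`) that stands in for whatever your EDR exports; the `net view` and `Win32_Share` patterns are related share-discovery techniques added here beyond the two commands the article names.

```python
"""Flag hosts whose process-creation telemetry shows SMB share enumeration.

Added example (not from the article or the vendors it cites). Log format and
sample lines are constructed for illustration; map real Sysmon/4688 fields
onto parse_line() for production use.
"""
import re
from collections import defaultdict

# Share-discovery commands. The first and third are the ones the article
# names; "net view" and WMI/CIM Win32_Share queries are related techniques
# added here because they reach the same information.
SHARE_DISCOVERY = [
    # net share / net1 share (net.exe hands the real work to net1.exe)
    (re.compile(r"(?:^|[\\/\s])net1?(?:\.exe)?\s+share\b", re.I), "net share"),
    (re.compile(r"(?:^|[\\/\s])net1?(?:\.exe)?\s+view\b", re.I), "net view"),
    (re.compile(r"\bGet-SmbShare\b", re.I), "Get-SmbShare"),
    (re.compile(r"\b(?:Get-WmiObject|Get-CimInstance|gwmi)\b.*\bWin32_Share\b", re.I),
     "WMI Win32_Share"),
]

# Constructed log format: "<ts> host=<host> user=<user> cmd=<command line>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$"
)

# Constructed sample telemetry: one workstation runs three discovery commands
# in quick succession, a file server runs one, and an unrelated Word launch
# must not fire.
SAMPLE_LOG = """\
2022-11-03T09:12:01Z host=WS-FIN-07 user=CORP\\jdoe cmd=C:\\Windows\\System32\\net1.exe share
2022-11-03T09:12:04Z host=WS-FIN-07 user=CORP\\jdoe cmd=powershell.exe -nop -w hidden -c "Get-SmbShare | ft Name,Path"
2022-11-03T09:12:09Z host=WS-FIN-07 user=CORP\\jdoe cmd=cmd.exe /c net view \\\\FILESRV01
2022-11-03T09:15:30Z host=WS-HR-02 user=CORP\\asmith cmd=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE /n "budget.docx"
2022-11-03T09:20:11Z host=SRV-FILE-01 user=CORP\\svc_backup cmd=C:\\Windows\\System32\\net.exe share
"""


def parse_line(line):
    """Return a dict with ts/host/user/cmd, or None for lines that don't fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(cmd):
    """Return the technique label for a share-discovery command line, else None."""
    for pattern, label in SHARE_DISCOVERY:
        if pattern.search(cmd):
            return label
    return None


def detect(lines):
    """Group matching events by host: host -> [(ts, user, label, cmd), ...]."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec["cmd"])
        if label:
            hits[rec["host"]].append((rec["ts"], rec["user"], label, rec["cmd"]))
    return dict(hits)


def summarize(hits, min_techniques=2):
    """Rank hosts: several distinct discovery techniques from one host is the
    pattern a hands-on-keyboard operator leaves, so it is rated higher than a
    single command (which may be an admin or a backup job)."""
    summary = {}
    for host, events in hits.items():
        techniques = sorted({e[2] for e in events})
        summary[host] = {
            "events": len(events),
            "techniques": techniques,
            "users": sorted({e[1] for e in events}),
            "severity": "high" if len(techniques) >= min_techniques else "medium",
        }
    return summary


if __name__ == "__main__":
    for host, info in summarize(detect(SAMPLE_LOG.splitlines())).items():
        print(f"{host}: {info['severity']} - {info['events']} event(s), "
              f"techniques={info['techniques']}, users={info['users']}")
```

Tune `min_techniques` and add an allow-list of known administrative accounts before deploying; a lone `net share` from a backup service account is routine, while `net1 share`, `Get-SmbShare` and `net view` from one user workstation inside a few seconds is the behaviour the article describes.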
According to the research, the group carried out at least seven successful attacks in the second half of 2022.
All seven identified targets have been informed of the attacks and advised on how to respond. The researchers believe that a far larger number of organisations were compromised by the gang, although they have not found concrete evidence of this.