Dark Pink - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:58:35 UTC
 APT group: Dark Pink
Names
Dark Pink (Group-IB)
Saaiwc Group (Anheng Hunting Labs)
Country [Unknown]
Motivation Information theft and espionage
First seen 2022
Description
(Group-IB) Group-IB, one of the global cybersecurity leaders, has today published
its findings into Dark Pink, an ongoing advanced persistent threat (APT) campaign
launched against high-profile targets in Cambodia, Indonesia, Malaysia, Philippines,
Vietnam, and Bosnia and Herzegovina that we believe, with moderate confidence,
was launched by a new threat actor. To date, Group-IB’s Threat Intelligence has been
able to attribute seven successful attacks to this particular group from June-December 2022, with targets including military bodies, government ministries and
agencies, and religious and non-profit organizations, although the list of victims
could be significantly longer. Group-IB also noted one unsuccessful attack on a
European state development body based in Vietnam.
Observed
Sectors: Defense, Education, Government, Non-profit organizations.
Countries: Belgium, Bosnia and Herzegovina, Brunei, Cambodia, Indonesia,
Malaysia, Philippines, Thailand, Vietnam.
Tools used
Ctealer, Cucky, KamiKakaBot, PowerSploit, TelePowerBot, ZMsg, Living off the
Land.
Operations performed Feb 2023
Dark Pink APT Group Strikes Government Entities in South Asian
Countries
Information
Last change to this card: 10 March 2024
Download this actor card in PDF or JSON format
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3e381f2a-364f-4428-9f3c-a5abf03bac64
Page 2 of 2