Dark Pink APT Group Targets Government and Military Entities with Custom Malware

Although this threat actor has been observed using custom malware, Dark Pink, like most threat actors, still relies on phishing to gain initial access to an environment. Phishing is one of the most prominent tactics used by threat actors, with the frequency and volume of phishing-related attacks rising every year. To protect against phishing, it is recommended to provide sufficient user training and education and to implement an email security solution to monitor emails. Potential rules could include monitoring any emails that contain a domain listed in a reliable threat feed or a suspicious top-level domain. However, there are numerous other ways an enterprise could detect a threat actor such as this one. Potential measures include monitoring ISO mounts and limiting which users can mount ISO files, monitoring for commands that reach out to external sites, and monitoring for other attempts at reconnaissance or data exfiltration.
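The email rule described above can be sketched as follows. This is an added example, not code from the original article: the feed contents, the suspicious-TLD list, the sample message and all function names are constructed assumptions, and a real deployment would load the feed from its own threat-intelligence source.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration only (assumptions, not real indicators).
FEED_DOMAINS = {"bad-feed.example"}
SUSPICIOUS_TLDS = {"top", "xyz", "zip"}  # local policy list, tune per environment
URL_RE = re.compile(r"https?://([^/\s:>\"']+)", re.I)

def domains_in(msg):
    """Collect domains from sender-related headers and from URLs in text parts."""
    found = set()
    for hdr in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(hdr, ""))[1]
        if "@" in addr:
            found.add(addr.rsplit("@", 1)[1])
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            found.update(URL_RE.findall(body.decode("utf-8", "replace")))
    return {d.lower().rstrip(".") for d in found}

def feed_match(domain):
    """True if the domain or any of its parent domains is listed in the feed."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in FEED_DOMAINS for i in range(len(labels)))

def triage(raw):
    """Return sorted (domain, reason) findings for one raw RFC 5322 message."""
    hits = []
    for d in domains_in(message_from_string(raw)):
        if feed_match(d):
            hits.append((d, "threat-feed"))
        elif d.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS:
            hits.append((d, "suspicious-tld"))
    return sorted(hits)

# Constructed sample message.
SAMPLE = """From: HR <jobs@mail.bad-feed.example>
Reply-To: applicant@inbox.example.top
Subject: Internship application
Content-Type: text/plain; charset=utf-8

Please review: https://files.example.org/cv
"""

if __name__ == "__main__":
    for domain, reason in triage(SAMPLE):
        print(f"{reason}: {domain}")
```

Matching on parent domains catches subdomains of a listed domain, and checking `Reply-To` and `Return-Path` as well as `From` covers messages where the visible sender differs from the reply or bounce address.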

https://www.bleepingcomputer.com/news/security/new-dark-pink-apt-group-targets-govt-and-military-with-custom-malware/