APT Wars Ignited a Series of Cyber-attacks among Hellsing and its Rivals

Naikon, one of the most active cyberespionage groups in Asia, has launched a number of attacks in the region and instigated what is being called the APT Wars when it decided to hit out at another threat actor.
Kaspersky Labs researchers revealed that one of Naikon’s targets, Hellsing, had spotted the attempt to infect its system with a spear-phishing email carrying a malicious attachment. Although Kaspersky considered the group “technically unremarkable”, it nonetheless received the email carrying the malicious attachment with displeasure. Having questioned the email's authenticity and been left dissatisfied, Hellsing then sent back a phishing email comprising Naikon’s own malware.

The group first emailed the sender back, asking them to identify the email and where it was sent from. The attacker was familiar with the internal structure of the target’s government agency, so it answered that they worked for the secretarial division of the government and had been mandated by management to send the email.

As explained by Kaspersky, the following email was sent to the attacker by the target: 

“The attachment is a RAR archive with password, which allows it to safely bypass malware scanners associated with the free email account used by the attackers.”

The payload of the spear-phishing email was a custom backdoor capable of downloading and uploading files, and of updating and uninstalling itself. It appears from the counterattack method that Hellsing was keen to gather surveillance data on its attacker.
Hellsing is very selective in terms of the type of organisations targeted, attempting to infect mostly government and diplomatic entities. Kaspersky said it has detected and blocked Hellsing malware in Malaysia, the Philippines, India, Indonesia and the US.
The company stated that the threat has been active since 2012, and that by installing the malware, victims are likely to expose their systems to a custom backdoor with upload and download capabilities.
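
The password-protected RAR attachment described above gets past content scanning because the scanner cannot open it, but a mail gateway can still flag such attachments for review. The following is an added example, not code from Kaspersky or from the original article: it reads RAR 4.x block-header flags only (RAR5 archives are reported as unparsed), and the function names and the sample header bytes are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
MAIN_HEAD, FILE_HEAD = 0x73, 0x74
MHD_PASSWORD = 0x0080  # main-header flag: block headers (incl. file names) are encrypted
LHD_PASSWORD = 0x0004  # file-header flag: this file's data is encrypted
LONG_BLOCK = 0x8000    # a 4-byte ADD_SIZE (packed data length) follows the 7-byte header


def rar_verdict(data: bytes) -> str:
    """Return 'not-rar', 'rar-plain', 'rar-encrypted' or 'rar-unparsed'."""
    if data.startswith(RAR5_MAGIC):
        return "rar-unparsed"  # RAR5 uses a different layout; hold for manual review
    if not data.startswith(RAR4_MAGIC):
        return "not-rar"
    pos = len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        # Block header: CRC16, type, flags, header size, all little-endian.
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            return "rar-unparsed"  # malformed header, do not guess
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            return "rar-encrypted"  # nothing after this point is readable
        if htype == FILE_HEAD and flags & LHD_PASSWORD:
            return "rar-encrypted"
        add_size = 0
        if flags & LONG_BLOCK:
            if pos + 11 > len(data):
                break
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        pos += hsize + add_size
    return "rar-plain"


def flag_attachments(raw_message: bytes) -> list:
    """List (filename, verdict) for attachments a content scanner cannot open."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        verdict = rar_verdict(part.get_payload(decode=True) or b"")
        if verdict in ("rar-encrypted", "rar-unparsed"):
            hits.append((part.get_filename(), verdict))
    return hits


def sample_rar4(encrypted: bool) -> bytes:
    """Constructed header-only sample (zeroed CRCs, no file data), not a real archive."""
    main = struct.pack("<HBHH", 0, MAIN_HEAD, 0, 13) + b"\x00" * 6
    flags = LONG_BLOCK | (LHD_PASSWORD if encrypted else 0)
    return RAR4_MAGIC + main + struct.pack("<HBHHI", 0, FILE_HEAD, flags, 11, 0)
```

A flagged attachment is a reason to quarantine or route the message for manual review, not proof of malice, since legitimate senders also use password-protected archives.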
Ehacking Staff