APT Wars Ignited a Series of Cyber-attacks among Hellsing and its Rivals

Naikon, one of the most active cyberespionage groups in Asia, has launched a number of attacks in the region and instigated what is being called the APT Wars when it decided to hit out at another threat actor.

Kaspersky Lab researchers revealed that one of Naikon’s targets, Hellsing, had spotted the attempt to infect its systems with a spear-phishing email carrying a malicious attachment. Although Kaspersky considered the group “technically unremarkable”, it nonetheless received the email carrying the malicious attachment with displeasure. Having questioned the email's authenticity and been left dissatisfied, Hellsing then sent back a phishing campaign comprising Naikon’s own malware.

The group first emailed the sender back, asking it to identify the email and say where it was sent from. Because the attacker was familiar with the internal structure of the target’s government agency, it answered that it worked for the secretarial division of the government and had been mandated by management to send the email.

As explained by Kaspersky, the following email was sent to the attacker by the target: 

“The attachment is a RAR archive with password, which allows it to safely bypass malware scanners associated with the free email account used by the attackers.”

The payload of the spear-phishing email was a custom backdoor capable of downloading and uploading files, and of updating and uninstalling itself. The counterattack method suggests that Hellsing was keen to gather surveillance data on its attacker.

Hellsing is very selective in the type of organisations it targets, attempting to infect mostly government and diplomatic entities. Kaspersky said it has detected and blocked Hellsing malware in Malaysia, the Philippines, India, Indonesia and the US.

The company stated that the threat has been active since 2012, and that by installing the malware, victims are likely to expose their systems to a custom backdoor with upload and download capabilities.

Ehacking Staff