APT Wars Ignited a Series of Cyber-attacks among Hellsing and its Rivals

One of the most active cyberespionage groups in Asia, Naikon has launched a number of attacks in the region and instigated what is being called the APT Wars. The group decided to hit out at another threat actor.
Kaspersky Labs researchers revealed that one of Naikon’s targets, Hellsing, had spotted the attempt to infect its system with a spear-phishing email carrying a malicious attachment. Although Kaspersky considered the group “technically unremarkable”, it nonetheless received the e-mail carrying the malicious attachment with displeasure. Having questioned the email's authenticity and been left dissatisfied with the answer, Hellsing then sent back a phishing campaign comprising Naikon’s own malware.

The group first emailed the sender back, asking them to identify themselves and say where the email had been sent from. Because the attacker was familiar with the internal structure of the target’s government agency, it answered that they worked for the secretarial division of the government and had been mandated by management to send the email.

As explained by Kaspersky, the following email was sent to the attacker by the target: 

“The attachment is a RAR archive with password, which allows it to safely bypass malware scanners associated with the free email account used by the attackers.”

The payload of the spear-phishing email was a custom backdoor capable of downloading and uploading files, and of updating and uninstalling itself. It appears from the counterattack method that Hellsing was keen to gather surveillance data on its attacker.
Hellsing is very selective in the type of organisations it targets, attempting to infect mostly government and diplomatic entities. Kaspersky said it has detected and blocked Hellsing malware in Malaysia, the Philippines, India, Indonesia and the US.
The company stated that the threat has been active since 2012, and that by installing the malware, victims are likely to expose their systems to a custom backdoor with upload and download capabilities.
Ehacking Staff