Gang Warfare: Hacking Groups Clash In Cyberspace


One day last year, an obscure cyber espionage group sent a spear phishing e-mail. It carried the usual trappings of a spear phish sent by advanced persistent threat actors. It was short, appeared to come from an address the target knew, and attached a payload that, when clicked, surreptitiously installed potent malware on the reader's computer.
But there was something highly unusual about this spear phish, one that would throw the once-shadowy Hellsing group into the limelight. According to analysis from antivirus provider Kaspersky Lab, the targeted group in the spear phish wasn't a government agency or embassy as is usually the case. Instead, it was Naikon, one of Asia's largest APT (advanced persistent threat) gangs and a rival to Hellsing. Naikon has been active for years and is known for attacks targeting government and military leaders, diplomats, aviation authorities, and police in countries such as the Philippines, Malaysia, Cambodia, and Indonesia.
Parenthetically, a few weeks after Kaspersky Lab researchers observed Naikon targeting Hellsing came the March 8, 2014 disappearance of Malaysia Airlines Flight 370. Three days later, Naikon launched a campaign that hit most of the countries involved in the search, with booby-trapped e-mails sent to political and military leaders, diplomats, civil aviation authorities, and police. The Naikon gang, it seemed, was eager to learn whatever it could about the behind-the-scenes recovery mission for the missing flight.
Kaspersky Lab researchers said Hellsing is known to have infected only about 20 organizations, an indication of just how niche and selective the attack group is. Hellsing is also highly selective about the regions it targets, limiting them to the US, Malaysia, the Philippines, Indonesia, and India. The name Hellsing comes from the project title a developer carelessly left in some of the malicious binaries the group uses in its campaigns. It remains unknown if Hellsing succeeded in its attempt to infect Naikon. 
An analysis of the command and control infrastructure shows Hellsing has ties to fellow groups known as PlayfulDragon, Mirage, and Vixen Panda.
Server locations also suggest links to the APT group known as Cycldek or Goblin Panda. Kaspersky's blog post lays out a feast of other technical details about the gang. This may have been one of the first times an APT-on-APT attack has been witnessed, but it's probably not the last.
Ars Technica: http://bit.ly/1FSSmvx
