Gang Warfare: Hacking Groups Clash In Cyberspace

Uploaded on 2015-04-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Hellsing_1.jpg

One day last year, an obscure cyber espionage group sent a spear phishing e-mail. It carried the usual trappings of a spear phish sent by advanced persistent threat actors. It was short, appeared to come from an address the target knew, and attached a payload that when clicked surreptitiously installed potent malware on the reader's computer.
But there was something highly unusual about this spear phish, one that would throw the once-shadowy Hellsing group into the limelight. According to analysis from antivirus provider Kaspersky Lab, the targeted group in the spear phish wasn't a government agency or embassy as is usually the case. Instead, it was Naikon, one of Asia's largest APT (Advanced Packaging Tools) gangs and a rival to Hellsing. Naikon has been active for years and is known for attacks targeting government and military leaders, diplomats, aviation authorities, and police in countries such as the Philippines, Malaysia, Cambodia, and Indonesia.
Parenthetically, a few weeks after Kaspersky Lab researchers observed Naikon targeting Hellsing came the March 8, 2014 disappearance of Malaysia Airlines Flight 370. Three days later, Naikon launched a campaign that hit most of the countries involved in the search, with booby-trapped e-mails sent to political and military leaders, diplomats, civil aviation authorities, and police. The Naikon gang, it seemed, was eager to learn whatever it could about the behind-the-scenes recovery mission for the missing flight.
Kaspersky Lab researchers said Hellsing is known to have infected only about 20 organizations, an indication of just how niche and selective the attack group is. Hellsing is also highly selective about the regions it targets, limiting them to the US, Malaysia, the Philippines, Indonesia, and India. The name Hellsing comes from the project title a developer carelessly left in some of the malicious binaries the group uses in its campaigns. It remains unknown if Hellsing succeeded in its attempt to infect Naikon. 
An analysis of the command and control infrastructure shows Hellsing has ties to fellow groups known as PlayfulDragon, Mirage, and Vixen Panda.
Server locations also suggest links to the APT group known as Cycldek or Goblin Panda. Kaspersky's blog post lays out a feast of other technical details about the gang. This may have been one of the first times an APT-on-APT attack has been witnessed, but it's probably not the last.
Ars Technica: http://bit.ly/1FSSmvx

« Threat Intelligence Is a Two-Way Street
Russian Hackers Use Flash Zero-Day Flaws »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

SOOHO

SOOHO

SOOHO helps to detect security vulnerabilities earlier. Our blockchain security platform audits from smart contracts to on-chain transactions.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.