Gang Warfare: Hacking Groups Clash In Cyberspace


One day last year, an obscure cyber espionage group sent a spear phishing e-mail. It carried the usual trappings of a spear phish sent by advanced persistent threat actors. It was short, appeared to come from an address the target knew, and attached a payload that, when clicked, surreptitiously installed potent malware on the reader's computer.
But there was something highly unusual about this spear phish, one that would throw the once-shadowy Hellsing group into the limelight. According to analysis from antivirus provider Kaspersky Lab, the targeted group in the spear phish wasn't a government agency or embassy as is usually the case. Instead, it was Naikon, one of Asia's largest APT (advanced persistent threat) gangs and a rival to Hellsing. Naikon has been active for years and is known for attacks targeting government and military leaders, diplomats, aviation authorities, and police in countries such as the Philippines, Malaysia, Cambodia, and Indonesia.
Parenthetically, a few weeks after Kaspersky Lab researchers observed Naikon targeting Hellsing came the March 8, 2014 disappearance of Malaysia Airlines Flight 370. Three days later, Naikon launched a campaign that hit most of the countries involved in the search, with booby-trapped e-mails sent to political and military leaders, diplomats, civil aviation authorities, and police. The Naikon gang, it seemed, was eager to learn whatever it could about the behind-the-scenes recovery mission for the missing flight.
Kaspersky Lab researchers said Hellsing is known to have infected only about 20 organizations, an indication of just how niche and selective the attack group is. Hellsing is also highly selective about the regions it targets, limiting them to the US, Malaysia, the Philippines, Indonesia, and India. The name Hellsing comes from the project title a developer carelessly left in some of the malicious binaries the group uses in its campaigns. It remains unknown if Hellsing succeeded in its attempt to infect Naikon. 
An analysis of the command and control infrastructure shows Hellsing has ties to fellow groups known as PlayfulDragon, Mirage, and Vixen Panda.
Server locations also suggest links to the APT group known as Cycldek or Goblin Panda. Kaspersky's blog post lays out a feast of other technical details about the gang. This may have been one of the first times an APT-on-APT attack has been witnessed, but it's probably not the last.
Ars Technica: http://bit.ly/1FSSmvx
