Kaspersky Lab has reported that they have detected and blocked the Hellsing malware in Malaysia, the Philippines, India, Indonesia, and the United States. Designed to infect government and diplomatic organizations throughout Asia, Hellsing uses spear-phishing e-mails containing malicious attachments to gain access to sensitive networks.
However, Kaspersky Lab noted that Hellsing is also involved in a rare and unusual event: cyber criminals attacking each other. Last 2014, it was subject to a spear-phishing attack by another threat actor and it decided to strike back, marking the mainstream emergence of Advanced Persistent Threat wars.
The opposing group was named “Naikon” and also operates in the Asia Pacific region. Its activities were detected when one of their targets questioned the authenticity of an infected e-mail, opting not to open the attached file and instead, sending it back to them. In doing so, Hellsing hoped to identify the Naikon group and gain intelligence on it.
“The targeting of the Naikon group by Hellsing, in some sort of a vengeful vampire-hunting ‘Empire Strikes Back’ style, is fascinating. In the past, we’ve seen APT groups accidentally hitting each other while stealing address books from victims and then mass-mailing everyone on each of these lists. However, considering the targeting and origin of the attack, it seems more likely that this is an example of a deliberate APT-on-APT attack,” said Costin Raiu, director of global research and analyst team at Kaspersky Lab.
Kaspersky urges users to be vigilant and proactive against such threats. They advise people not to open attachments from unknown contacts, not to run questionable executables, and to have all software, antivirus, antimalware, and other safety tools updated to the latest version.