Cybercriminals Lock Loggerheads with Each Other - Kaspersky

Kaspersky, a Russian security firm, has highlighted a series of cyber attacks in which hacker groups fought each other with malware targeting large corporations and governments.

Researchers of Kaspersky were investigating Naikon which is one of the most active threat groups in Asia when they came across the activities of a different actor which they have nicknamed "Hellsing".

When the Malaysia Airlines Flight 370 (MH370) vanished last year, Naikon started targeting several government organisations in countries which had been involved in searching the missing airplane. The attackers used spear-phishing emails consisting documents which are designed to exploit Microsoft Word vulnerabilities to deliver a backdoor known as RARSTONE.

One of these emails was sent to an organization where the recipient had doubts about the authenticity of the email. The recipient asked the sender (Naikon) for a confirmation that they had sent the email. Members of Naikon who were probably aware of the internal structure of the targeted government agency tried to convince the recipient that the email was genuine.

Kaspersky said that the target was not convinced and hence did not open the malicious document.

Shortly after that, the target forwarded an email laced with malware to the sender. The security firm observes that this move prompted an investigation which resulted the discovery of the Hellsing APT group.

The method of counter-attack shows that Hellsing wanted to identify the Naikon group and collect information on it.

Net-security.org published a report on 15th April, 2015 quoting Costin Raiu, Director of the global research and analyst team of Kaspersky, as saying "We have seen in the past that APT groups inadvertently hitting each other while stealing address books from victims and then mass-mailing everyone on each lists. However, keeping in view of the origin and target of the attack, it looks more like an example of a deliberate APT-on-APT attack."

The security firm reveals that Hellsing has targeted around 20 organisations mostly in the Philippines, Indonesia and Malaysia.

The security firm advises that businesses should avoid cybercrimes by Hellsing by being cautious about email attachments from strangers and by using fully patched modern operating systems and by keeping fully updated third-party apps like Java and Microsoft.

» SPAMfighter News - 4/21/2015