Kaspersky Lab has recorded a rare and unusual example of one cybercriminal attacking another. In 2014, Hellsing, a small and technically unremarkable cyberespionage group targeting mostly government and diplomatic organizations in Asia, was subjected to a spear-phishing attack by another threat actor and decided to strike back. Kaspersky Lab believes that this could mark the emergence of a new trend in cybercriminal activity: the APT wars.
The discovery was made by Kaspersky Lab experts during research into the activity of Naikon, a cyberespionage group also targeting organizations in the Asia-Pacific region. The experts noticed that one of Naikon’s targets had spotted the attempt to infect its systems with a spear-phishing email carrying a malicious attachment.
The target questioned the authenticity of the email with the sender and, apparently dissatisfied with the reply, did not open the attachment. Shortly thereafter the target forwarded to the sender an email containing the target’s own malware. This move triggered Kaspersky Lab’s investigation and led to the discovery of the Hellsing APT group.
Read the full story here