New evidence uncovered by Kaspersky Labs shows some of the first documented group on group attacks by state sponsored hacking teams.
The report, released Tuesday, documents two Asian based teams targeting each other using sophisticated attacks and malware. The findings are uncommon in the world of cyber espionage.
Traditionally, state sponsored attack groups like China’s Unit 61398, APT30 or America’s Equation Group target strategic infrastructure, political networks or multinational corporations that control state or military secrets.
These attacks are often figured out and can result in real world damage, such as the loss of key fighter blueprints to China or the destruction of Iran’s nuclear centrifuges Israel.
But in its report Tuesday, Kaspersky observed the first known attack on each other by rival cyber armies.
The company observed the Naikon group, which is believed to be affiliated with Malaysia and takes a particular interest in hacking targets related to the search of Malaysian Airlines flight MH370 being hacked by a new group – The Hellsing Group.
The Hellsing Group responded to phishing emails by the Naikon group and proceeded to infect them with a sophisticated backdoor package. This backdoor, and related variants, has been observed attacking the United States, The Philippines, India and other ASEAN member countries.
Kaspersky refused to speculate on the origin of the Hellsing Group, instead pointing out the name references a Japanese manga cartoon and the group appears to operate in the GMT +8 or GMT +9 timezone.
Attacks like these show just how ‘hot’ the cyber battlespace is becoming and highlights the difficulties in tracing attacks back to specific state actors. This trend is expected to continue as small nations who cannot afford expensive fighter planes and battleships increasingly invest in online warfare systems where they see better return on investments.