The Empire Strikes Back
TRANSCRIPT
MH370
CYBERCRIMINALS ARE QUICK TO EXPLOIT TRAGEDIES
• Cybercriminals take advantage of news to launch phishing attacks
• Such news includes hurricanes, earthquakes, tsunamis, terrorist attacks or other tragedies
• The goal is to trick people looking for news into opening malicious emails and documents
NAIKON: MH370 ATTACKS
• The Naikon group is an APT that is very active in Asia
• We’ve noticed a spike in the number of Naikon attacks against the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore and Nepal
• Naikon was quick to exploit the MH370 tragedy
• It launched a massive campaign to attack other nations in APAC, notably those involved in the search for MH370
AFFECTED PARTIES IN VARIOUS COUNTRIES
• Office of the President
• Navy Forces
• Armed Forces
• Office of the Cabinet Secretary
• National Security Council
• Office of the Solicitor General
• National Intelligence Coordinating Agency
• Civil Aviation Authority
• Department of Justice
• National Police
• Presidential Management Staff
Several hundred victims
Thousands of documents stolen
THE “HELLSING" APT
• Active since ~2012
• Spear-phishing: archives, SCR files
• Main interests: APAC nations
• No financial gain, pure intelligence gathering
• Probably nation-state sponsored
Country “A” / Country “B” / Country “C” / +Embassies, ASEAN, etc…
• Ministry of Foreign Affairs
• Ministry of Tourism and Culture
• Immigration Department
• Office of the President
• National Economic and Development Authority
• Society for Quality
• Ministry of Foreign Affairs
AM I AT RISK?
Risk factors:
• Do you receive and read hundreds of emails, open attachments?
• Do you work for/with governments in APAC?
• Have you received suspicious .scr files, especially inside password-protected RAR/ZIP archives?
To find out if you’re infected:
• Use our IOCs document
• All Kaspersky Lab products detect the Hellsing actor
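The risk factors above come down to a check a mail gateway or triage script can run: does an attached archive carry an executable such as a .scr, and is it password-protected? The following is an added example written for this transcript, not code from the presentation or from Kaspersky Lab; it covers ZIP only (RAR needs a third-party library) and builds its own constructed sample archive, with the encryption flag set by hand rather than by a real password.

```python
import io
import zipfile

# Windows executable extensions; a .scr "screensaver" is a plain PE binary, and
# the deck notes Hellsing mailed .scr files inside RAR/ZIP archives, often password-protected.
EXECUTABLE_EXTENSIONS = (".scr", ".exe", ".pif", ".com", ".cpl", ".bat", ".cmd", ".js", ".vbs")

def risky_name(member_name: str) -> bool:
    """True for executable members, including double-extension lures like 'report.doc.scr'."""
    return member_name.lower().rstrip("/").endswith(EXECUTABLE_EXTENSIONS)

def scan_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment without extracting it. Member names are stored in the clear
    in the central directory, so a password hides content but not the file list, and the
    encryption flag is itself a signal worth recording."""
    result = {"is_zip": False, "encrypted": False, "executables": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:   # general-purpose bit 0: member is encrypted
                result["encrypted"] = True
            if risky_name(info.filename):
                result["executables"].append(info.filename)
    return result

def verdict(data: bytes) -> str:
    """Gateway policy: executables never pass, opaque archives get an analyst look."""
    r = scan_zip(data)
    if not r["is_zip"]:
        return "not-a-zip"
    if r["executables"]:
        return "block"
    if r["encrypted"]:
        return "review"
    return "allow"

def build_sample(member: str, encrypted: bool = False) -> bytes:
    """Constructed sample: a one-member ZIP. For the encrypted case only the flag bit is
    set in the local and central headers, which is all the scanner looks at; no cipher is applied."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real executable")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 1                            # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= 1  # central directory flags
    return bytes(raw)
```

Because only the member list is read, the scan is cheap enough to run on every inbound archive before any sandbox detonation.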
PREVENTION MEASURES (GENERAL)
• Educate employees on how to avoid being socially engineered
• Use strong anti-malware suites, best practices
• Use separate laptops for travel
• Don’t update software while traveling
• Use VPNs
• Use strong and unique passwords for each website
• Default deny policies stop many APTs dead in their tracks
CONCLUSION
• Welcome to APT wars!
• Attack / counterattack mentality
• Goals: attribution, counter-intelligence gathering
• Are they really advanced? No
• Are they really a threat? Yes!