Int'l hacker group attempts to access PH gov't data | Inquirer Technology

By: - NewsLab Lead / @MSantosINQ
/ 12:36 PM May 16, 2015

Another hacker group could have already gained backdoor access to computer systems of certain Philippine government agencies through email attachments containing malicious software (malware).

Computer security firm Kaspersky Labs discovered the hacker group dubbed “Hellsing” after it engaged in a brief skirmish with an older hacker group known as “Naikon.”

“The Hellsing group is currently active in the Asia-Pacific region, hitting targets mainly in the South China Sea area, with a focus on Malaysia, the Philippines and Indonesia,” Kaspersky said in its cyber security bulletin on securelist.com.

“Hellsing targets its intended victims using spear-phishing emails with archives containing malware, similar to the one it used against the Naikon group,” it said.

Email spear-phishing is a method of fooling a targeted victim by pretending to be a known associate, friend, or relative. The attacker asks the victim to open an attachment which looks like a harmless ZIP or RAR file but actually contains software that compromises the computer.

Kaspersky listed the file names of some email attachments used by Hellsing which were found to contain malware that allowed backdoor access to infected computers:

  • 2013 Mid-Year IAG Meeting Admin Circular FINAL.7z
  • HSG FOLG ITEMS FOR USE OF NEWLY PROMOTED YNC FEDERICO P AMORADA 798085 PN CLN.zip
  • Home Office Directory as of May 2012.Please find attached here the latest DFA directory and key position officials for your referenece.scr
  • LOI Nr 135-12 re 2nd Quarter.Scr
  • Letter from Paquito Ochoa to Albert Del Rosario,the Current Secretary of Foreign Affairs of the Philippines.7z
  • Letter to SND_Office Call and Visit to Commander, United States Pacific Command (USPACOM) VER 4.0.zip
  • PAF-ACES Fellowship Program.scr
  • RAND Analytic Architecture for Capabilities Based Planning, Mission System Analysis, and Transformation.scr
  • Update Attachments_Interaction of Military Personnel with the President _2012_06_28.rar
  • Update SND Meeting with the President re Hasahasa Shoal Incident.scr
  • Washington DC Directory November 2012-EMBASSY OF THE PHILIPPINES.zip
  • ZPE-791-2012&ZPE-792-2012.rar
  • zpe-791-2012.PDF.scr

Some of the attachments had references to Foreign Affairs Secretary Albert Del Rosario, Embassy of the Philippines, Office of the President, and even the United States Pacific Command.

Once the hackers have gained access to an infected computer, they can use tools that search for, gather, and send data back to them.

The malicious software on the infected computer is also able to download files, upload files, update itself, and uninstall itself, Kaspersky said.

The Chinese-speaking Naikon hacker group has also been very active in conducting cyber espionage campaigns in countries in the Southeast Asian region, including the Philippines. KS

Kaspersky recommended several ways to avoid being a victim of spear-phishing emails from hackers:

  • Don’t open attachments from people you don’t know
  • Beware of password-protected archives which contain SCR or other executable files inside
  • If you are unsure about the attachment, try to open it in a sandbox
  • Make sure you have a modern operating system with all patches installed
  • Update all third party applications such as Microsoft Office, Java, Adobe Flash Player and Adobe Reader
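
The advice on archives with SCR or other executable files inside can be checked by a mail filter before anyone opens the attachment. The sketch below is an added example, not code from Kaspersky or from this article: it lists the members of a ZIP without extracting them and flags executable extensions, a document-style extension placed in front of the real one (as in `zpe-791-2012.PDF.scr` above), and password protection. The two extension lists are assumptions, and the 7z and RAR formats would need other libraries.

```python
import io
import zipfile

# Extensions Windows runs directly; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}
# Document-style extensions used as a decoy before the real one (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}


def check_name(name):
    """Return reasons a file name looks like an executable, possibly disguised."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    parts = base.lower().split(".")
    reasons = []
    if len(parts) > 1 and parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + parts[-1])
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append("decoy extension ." + parts[-2] + " before it")
    return reasons


def scan_zip(data):
    """List suspicious members of a ZIP given as bytes, without extracting anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reasons = check_name(info.filename)
            # Bit 0 of the general-purpose flags marks a password-protected member;
            # classic ZIP encryption still leaves the member name readable.
            if reasons and info.flag_bits & 0x1:
                reasons.append("password-protected")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed test archive: one harmless text file, one member named like a lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("agenda.txt", b"constructed sample, harmless text")
        archive.writestr("zpe-791-2012.PDF.scr", b"constructed sample, not a program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample()):
        print(member + ": " + "; ".join(reasons))
```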