Int’l hacker group attempts to access PH gov’t data

Another hacker group could have already gained backdoor access to computer systems of certain Philippine government agencies through email attachments containing malicious software (malware).

Computer security firm Kaspersky Labs discovered the hacker group dubbed “Hellsing” after it engaged in a brief skirmish with an older hacker group known as “Naikon.”

BACKSTORY: Spy vs spy: two cyber espionage groups engage in online skirmish

“The Hellsing group is currently active in the Asia-Pacific region, hitting targets mainly in the South China Sea area, with a focus on Malaysia, the Philippines and Indonesia,” Kasperksy said in its cyber security bulletin on securelist.com.

“Hellsing targets its intended victims using spear-phishing emails with archives containing malware, similar to the one it used against the Naikon group,” it said.

Email spear-phising is a method of fooling a target victim by pretending to be a known associate, friend, or relative. The attacker asks the victim to open an attachment which looks like a harmless ZIP or RAR file but actually contains software that compromises the computer.

Kaspersky listed the file names of some email attachments used by Hellsing which were found to contain malware that allowed backdoor access to infected computers:

• 2013 Mid-Year IAG Meeting Admin Circular FINAL.7z
• HSG FOLG ITEMS FOR USE OF NEWLY PROMOTED YNC FEDERICO P AMORADA 798085 PN CLN.zip
• Home Office Directory as of May 2012.Please find attached here the latest DFA directory and key position officials for your referenece.scr
• LOI Nr 135-12 re 2nd Quarter.Scr
• Letter from Paquito Ochoa to Albert Del Rosario,the Current Secretary of Foreign Affairs of the Philippines.7z
• Letter to SND_Office Call and Visit to Commander, United States Pacific Command (USPACOM) VER 4.0.zip
• PAF-ACES Fellowship Program.scr
• RAND Analytic Architecture for Capabilities Based Planning, Mission System Analysis, and Transformation.scr
• Update Attachments_Interaction of Military Personnel with the President _2012_06_28.rar
• Update SND Meeting with the President re Hasahasa Shoal Incident.scr
• Washington DC Directory November 2012-EMBASSY OF THE PHILIPPINES.zip
• ZPE-791-2012&ZPE-792-2012.rar
• zpe-791-2012.PDF.scr

Some of the attachments had references to Foreign Affairs Secretary Albert Del Rosario, Embassy of the Philippines, Office of the President, and even the United States Pacific Command.

Once the hackers have gained access to the infected computers, they have tools that can search, gather, and send data back to them.

The malicious software on the infected computer is also able to download files, upload files, update itself, and uninstall itself, Kaspersky said.

The Chinese-seaking Naikon hacker group has also been very active in conducting cyber espionage campaigns in countries in the Southeast Asian region including the Philippines. KS

Read: Chinese hackers stealing digital info from PH gov’t agencies

Kaspersky recommended several ways to avoid being a victim of spear-phising emails from hackers:

• Don’t open attachments from people you don’t know
• Beware of password-protected archives which contain SCR or other executable files inside
• If you are unsure about the attachment, try to open it in a sandbox
• Make sure you have a modern operating system with all patches installed
• Update all third party applications such as Microsoft Office, Java, Adobe Flash Player and Adobe Reader