Russian security firm Kaspersky has highlighted a series of cyber attacks in which hacker groups fought each other with malware that is typically aimed at governments and large corporations.
A Kaspersky security report said that a relatively small group from Asia called Hellsing recently returned fire on a rival following an earlier attack, and ignited what is being called the APT Wars.
The security firm said that researchers picked up clues about the battle while looking into the work of a hacker group called Naikon.
Naikon received a spear phishing email that included a malware variety, dubbed Hellsing, as an attachment.
Sceptical of unsolicited email of this kind for obvious reasons, Naikon did not open the attachment, choosing instead to send it back in the guise of a forwarded message.
“The targeting of the Naikon group by Hellsing, in some sort of a vengeful vampire-hunting, Empire Strikes Back style, is fascinating,” said Costin Raiu, director of the global research and analyst team at Kaspersky Lab.
“In the past, we’ve seen APT groups accidentally hitting each other while stealing address books from victims and then mass-mailing everyone on each of these lists.
“However, considering the targeting and origin of the attack, it seems more likely that this is an example of a deliberate APT-on-APT attack.”
The hacker-on-hacker angle has prompted Kaspersky to supply a video description of what happened (see below).
Hellsing has been used on other organisations too, and Kaspersky has provided the necessary clean up tools.
The company said that the threat has been active since 2012, and victims will have installed the malware and exposed their systems to a custom backdoor with upload and download capabilities.
Kaspersky said that around 20 international organisations are affected, principally official and government systems.
The company reiterated its general advice not to open unsolicited email attachments.