Virus Type: Advanced Persistent Threat (APT)
Hellsing is a small cyberespionage group targeting mostly government and diplomatic organizations in Asia. Deeper analysis of the Hellsing threat actor by Kaspersky Lab reveals a trail of spear-phishing emails with malicious attachments designed to propagate espionage malware among different organizations. If a victim opens the malicious attachment, their system becomes infected with a custom backdoor capable of downloading and uploading files, updating and uninstalling itself.
Kaspersky Lab has detected and blocked Hellsing malware in Malaysia, the Philippines, India, Indonesia and the US, with most of the victims located in Malaysia and the Philippines.
You might be a target of Hellsing if the following risk factors are familiar to you:
Hellsing indicators of compromise are available at Securelist.com
Kaspersky Lab products detect the backdoors used by the Hellsing attacker as: HEUR:Trojan.Win32.Generic, Trojan-Dropper.Win32.Agent.kbuj, Trojan-Dropper.Win32.Agent.kzqq.
To protect against the Hellsing attacks, make sure to follow basic security best practices:
Hellsing is a small cyberespionage group targeting mostly government and diplomatic organizations in Asia.