A new strain of Sykipot is being used to attack US Department of Defense smart cards A new strain of the Sykipot malware is being used by Chinese cyber criminals to compromise US Department of Defense (DoD) smart cards, a new report has revealed.The malware has been designed to take advantage of smart card readers running ActivClient – the client application of ActivIdentity – according to unified security information and event management (SIEM) company AlienVault.ActivIdentity’s smart cards are standardised at the DoD and a number of other US government agencies. The cards are used to identify active duty military staff, selected reserve personnel, civilian employees, and eligible contractor staff.As with previous Sykipot strains, the attackers use an email campaign to get specific targets to click on a link and deposit the Sykipot malware onto their machines. After identifying the computers that have card readers, the attackers install keystroke logging software to steal the PIN number that is used in concert with the smart card. “When a card is inserted into the reader, the malware acts as the authenticated user and can access sensitive information,” explained AlienVault’s lab manager Jaime Blasco. “The malware is then controlled by the attackers and then told what – and when – to steal the appropriate data.”So far, AlienVault has seen attacks that compromise smart card readers running Windows Native x509 software, which is reportedly in commonplace use amongst a number of US government and allied agencies. This new strain is thought to have originated from the same Chinese authors that created a version of Sykipot in 2011, which distributed a variety of spam messages claiming to contain information on the next-generation unmanned “drones”, developed by the United States Air Force.In an investigation into that earlier strain last year, Blasco suggested that the team behind Sykibot was working with an information “shopping list” that included semiconductor, medical and aerospace technology.In a report released least year, security consultancy Mandiant identified several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. Mandiant called this technique a “smart card proxy”. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Regulation Regulation news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe