Security company AlienVault has revealed that a new strain of the Sykipot malware is attacking US government agencies.
The company said the attacks, believed to originate in China, are targeting the US Department of Defense and specifically the smartcards used by DoD employees.
Jaime Blasco, AlienVault’s Lab manager, said the malware could give hackers access to highly sensitive information.
"This is the first report of Sykipot being used to compromise smart cards, and this latest version of the malware has been designed specifically to take advantage of smart card readers running ActivClient – the client application of ActivIdentity, whose smart cards are standardised at the DoD and a number of other US government agencies," he said.
"The smart cards are an important facet of security for the Department of Defense – which manages the three main branches of the military in the US, the Departments of the Army, the Navy and the Air Force – and use the cards as a standard means of identifying active duty military staff, selected reserve personnel, civilian employees, and eligible contractor staff," Blasco added.
He went on to describe what could happen to an infected card: "The malware… uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware acts as the authenticated user and can access sensitive information. The malware is then controlled by the attackers and then told what – and when – to steal the appropriate data," he said.
He said that the malware is attacking smartcards running Windows Native x509 software, which apparently is very common across US government agencies.
This latest strain of Sykipot may have been attacking targets since March 2010, AlienVault said, and Blasco added that he believes it came from the same Chinese group behind the original. It lures targets into clicking a dodgy link contained in an email.
It is not yet clear how successful the attacks have been and what data, if any, has been compromised.