Chinese
hackers have deployed a new cyber weapon that is aimed at the Defense
Department, the Department of Homeland Security, the State Department
and potentially a number of other United States government agencies and
businesses, security researchers say. A new version of the Sykipot
Trojan is targeting smart card readers made by ActivIdentity, a company
that provides authentication software to several high-profile agencies
and businesses around the world.
According to researchers at AlienVault,
based in Campbell, Calif., these attacks originate from servers in China with
what appears to be the purpose of obtaining information from the defense
sector: the same sector that makes extensive use of PC/SC X.509
smartcards for authentication. Smartcards have a long history of usage in
the Defense Sector, for both physical and information access
management, and historically have merely forced attackers to route
around the smartcard authentication system through other, more
vulnerable attack vectors.
Traces of Sykipot malware have been
found in cyberattacks dating back to 2006, but AlienVault’s researchers
say this is the first time Sykipot has compromised smart cards. The
government uses smart cards to supplement employee passwords, which have
proven easy to crack. By cracking smart cards, hackers eliminate the
final hurdle between themselves and some of the government’s most
sensitive information.
The new Sykipot variant has interesting features that allow
it to effectively hijack DOD and Windows smart cards. This variant,
which appears to have been compiled in March 2011, has been seen in
dozens of attack samples from the past year. Previous Sykipot strains
have been traced to command-and-control servers in China, and the
researchers said they discovered Chinese characters in a small snippet
of code in this latest strain.
