Crackers deploy Sykipot Trojan targeting smart card readers

Posted: January 15, 2012 in Analysis

Chinese hackers have deployed a new cyber weapon that is aimed at the Defense Department, the Department of Homeland Security, the State Department and potentially a number of other United States government agencies and businesses, security researchers say. Ryan Naraine and Dancho Danchev from ZDNet also write that “A new version of the Sykipot Trojan is targeting smart card readers made by ActivIdentity, a company that provides authentication software to several high-profile agencies and businesses around the world.”

According to researchers at AlienVault, based in Campbell, Calif., these attacks originate from servers in China with what appears to be the purpose of obtaining information from the defense sector: the same sector that makes extensive use of PC/SC X.509 smart cards for authentication. Smart cards have a long history of usage in the defense sector, for both physical and information access management, and historically have merely forced attackers to route around the smart card authentication system through other, more vulnerable attack vectors.

Traces of Sykipot malware have been found in cyberattacks dating back to 2006, but AlienVault’s researchers say this is the first time Sykipot has compromised smart cards. The government uses smart cards to supplement employee passwords, which have proven easy to crack. By cracking smart cards, hackers eliminate the final hurdle between themselves and some of the government’s most sensitive information.

The new version has interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year. Previous Sykipot strains have been traced to command-and-control servers in China, and the researchers said they discovered Chinese characters in a small snippet of code in this latest strain.
