Advertise

Risk

1/13/2012
10:49 AM

Dark Reading
News

0 comments
Comment Now

50%

Sykipot Malware Steals Pentagon Smart-Card Credentials

Malware out of China challenges two-factor authentication schemes used by Defense Department, other organizations.

An infamous family of malware used in cyberespionage attacks out of China can now hijack a user's smart-card credentials.

Researchers at AlienVault have discovered a new variant of the Sykipot malware family that steals smart-card credentials of Department of Defense (DOD) and other users. Sykipot has been in action since around 2007 for launching targeted attacks via spear-phishing emails to the DOD community. And that community employs PC/SC x509 smart cards for multifactor authentication of its users.

The new Sykipot variant appears to have been in the wild for months: Researcher Jaime Blasco found that it was first compiled in March 2011, and since then it has been spotted in dozens of attack samples. Blasco says he has no information on whether the attackers were successful in pilfering DOD or other smart-card credentials, but his lab has proved that it works, so it's likely to have been used in some hacks.

"We have tested the malware and, in fact, it is working," Blasco said. "It's likely they got inside protected systems and gained access using this malware."

AlienVault researchers believe one group of attackers is and has been behind the malware. "We believe it's the same group of attackers. They have been using the same techniques, even sharing some parts of the code in other attacks," Blasco said. "It's related to another one we reported a month ago."

Read the rest of this article on Dark Reading.

Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our Compliance From The Inside Out report. (Free registration required.)

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches

ROI and Beyond for the Cloud

More Webcasts

White Papers

A Technical Deep Dive on Software Exploits

Full Body Exposure: CybelAngel Analysis of Medical Data Leaks

More White Papers

Reports

The Malware Threat Landscape

IDC FutureScape: Worldwide Digital Transformation Predictions

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

How to Better Secure Your Microsoft 365 Environment

Kelly Sheridan, Staff Editor, Dark Reading, 1/25/2021

Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short

Robert Lemos, Contributing Writer, 1/27/2021

Attackers Leave Stolen Credentials Searchable on Google

Kelly Sheridan, Staff Editor, Dark Reading, 1/21/2021

Webinars

Protecting Your Enterprise's Intellectual Property

Strategies for Success with Digital Transformation

ROI and Beyond for the Cloud

Webinar Archives

White Papers

A Technical Deep Dive on Software Exploits

Centralized Security Policy Management Across Hybrid Cloud Environments Should be an Obvious Strategy

What To Consider Before Renewing Your SD-WAN

The Essential Guide to Securing Remote Access

IDC Workbook: Best Practices for Cloud Security

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-20620
PUBLISHED: 2021-01-28

Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

CVE-2021-20621
PUBLISHED: 2021-01-28

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2021-20622
PUBLISHED: 2021-01-28

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

CVE-2020-5626
PUBLISHED: 2021-01-28

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.

CVE-2021-3142
PUBLISHED: 2021-01-28

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]