Chinese hackers targeting smart cards to grab U.S. defense data
Cyberattacks from China have reportedly adopted a variant of the malware known Sykipot to compromise the smart cards used by U.S. government agencies.
Hackers in China have found a way to infiltrate supposedly secure smart cards used by U.S. government employees, according to security company AlienVault.
The security firm said it has seen dozens of such attacks, which tap into a unique variant of a nasty bit of malware known as Sykipot.
The hackers appear intent on stealing data from the Department of Defense and other related agencies. The malware is capable of capturing the PIN numbers used by government smart cards, thereby allowing access to supposedly secure information.
"Like we have shown with previous Sykipot attacks, the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine," according to AlienVault. "Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center."
Government agencies use smart cards as an extra layer of security on top of passwords, according to the New York Times. Since passwords have been easy enough to hack, the smart cards were supposed to provide a final line of defense, at least until the new strain of Sykipot popped up.
Attacks using Sykipot have been around since 2007, says security vendor Trend Micro. The firm called the malware a "high priority threat" and pointed to several incidents over the past few years in which it has been used to exploit holes in such software as Adobe Reader, Internet Explorer 6, and Microsoft Excel.
But the latest round of attacks marks the first time that Sykipot has been used to breach smart cards, says AlienVault. The malware strain used by hackers specifically targets ActivIdentity, a smart card-based PKI (public key infrastructure) authentication method know for its compliance with certain U.S. government specifications.
With ActivIdentity as the target, the attacks are clearly aimed at U.S. defense departments, the Times added. But it's as yet unknown what information the hackers have so far been able to capture.