New Chinese Virus Targeting DoD Access Cards

From the Army Times:

A Chinese-based cyber attack is targeting the Defense Department’s Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks, researchers say.

The new cyber weapon apparently can get inside individual computers after users unwittingly open a standard PDF email file. Once embedded, it logs the users’ keystrokes to obtain personal identification numbers or codes associated with that card and user, according to AlienVault, a Silicon Valley-based cyber security firm.

“Basically, they are able to steal the PIN and then they can get access to whatever they want,” said Jaime Blasco, the lab manager for AlienVault who published detailed technical information about the attack.

The attacks are a variant of a virus, or malware, known as “Sykipot” and date back as far as March 2011, Blasco said.

The new Sykipot strain specifically targets the technology used to support the Pentagon’s CAC system and the emails seeking to spread it often are disguised as official military or government communications, Blasco said.

To lure defense workers to open the infected attachment, some of the emails have used information about new drone technology and pictures of unmanned aerial vehicles, he said.

The full story is here.