Authors of Sykipot Malware Seem Curious About U.S. Drones
We here at Maximum PC usually don’t cover drones, except for the ones that can be controlled using generic Android- or iOS-based smartphones and tablets. But we are left with little choice but to venture into Aviation Week territory when a story about military drones also features hackers, zero-day vulnerabilities and malware. You get the drift, don’t you? Hit the jump for more.
According to researchers at AlienVault Labs, an ongoing hacking campaign could be targeting “organizations related to technology used in this kind of vehicles like aerospace and military industries.” The attackers are using zero-day vulnerabilities in widely deployed software such as Adobe Reader to deliver the not-so-sophisticated Sykipot malware to systems belonging to defense contractors. While still not a household name like Stuxnet, Sykipot has been in circulation for years.
A key defense player, Lockheed Martin, recently reported a Reader zero-day to Adobe; in that instance, too, the payload was Sykipot. AlienVault says that such campaigns have been going on for months and that it has analyzed most of them. One in particular caught the firm’s attention because the decoy media displayed after infection concerned U.S. UCAVs (unmanned combat air vehicles).
“There have been a lot of different campaigns with different Command-And-Control servers,” reads a recent AlienVault Labs blog post. “The modus operandi is simple: they send emails with a malicious attachment or link, sometimes using a zero-day exploit, to key employees of different organizations.”
“In most of the campaigns the malware dropped displays some document or media attractive to the victim. After analyzing most of the campaigns, we discovered a group of samples connecting to the same C&C server that attracted our attention because of the media displayed after the infection.”
While cautioning against jumping to conclusions about attribution, the researchers said they had identified no fewer than six Chinese IP addresses used to proxy or host the command-and-control servers, along with a tool used to build these Sykipot campaigns. That tool also produced Chinese-language error messages on occasion.
Those behind the attacks are said to use well-known techniques to compromise mainly US-based servers, which then act as proxies to mask the real C&C servers. Most of the actual C&C servers run a web server called “Netbox” that “allows developers to compile and deploy ASP web applications into a stand-alone executable file.” Netbox, too, points to China: almost 80 percent of the servers running it are located in that country.
Comments
Neufeldt2002
December 23, 2011 at 1:44pm
It never ceases to amaze me that these systems are connected to the Internet. If I were working on a defense contract, everything would be on its own network with NO connection to the web.
TheZomb
December 23, 2011 at 4:05pm
It's usually not that the systems are connected to the internet, but that either computers connected to the systems are connected to the internet, or computers connected to those computers are connected to the internet. The viruses are designed to hop from private network to private network until they find something valuable.
All it takes is for one person to get lazy or stupid and plug a USB stick into an unauthorized computer. The article read more as the Air Force bragging that they were able to successfully detect and trace an attack without actually being compromised, as if only the net-connected computers were infected and not anything valuable.
std error
December 23, 2011 at 9:28am
I always imagined that the US would be one of the hardest countries to occupy... because of all the guns our civilians have, not to mention military stockpiles.... Plus it would be easy to hide insurgent training bases along the border with Canada. If they thought Baghdad in 2006 was bad... wait till the Chinese see Los Angeles 2026!
Bentley-based car bombs!
szore
December 24, 2011 at 6:52am
A little off topic, but if anyone is interested in how a 'fantasy' scenario would play out between the old USSR and the US during a conventional war, read Tom Clancy's Red Storm Rising. I think every possible engagement between every possible platform is dramatized in that book, plus it's a great novel, and it's completely accurate and legit in the way it portrays the different technologies.
firefox91
December 23, 2011 at 9:44am
For one to occupy, they would have to get in first. Not gonna happen. Not unless they made a deal with Canada or Mexico to move in ground forces. That seems just about impossible. We have the most powerful Navy in the world. They aren't coming in by sea. Our Air Force is likely the most powerful as well, so an air drop can happen. Enemy planes dropping into the sea, that is.
std error
December 23, 2011 at 10:17am
Well, to make the daydream fun, I took the US Military out of the scenario and just left the US population to itself without military help. I am sure in a real war, given the US bases in Japan and in Korea, most of the fighting will occur around their shores, not ours.
Of course you can also imagine an Independence Day-style Memorial Day (?) surprise attack where all servicemen are at home with their families.