Sykipot-wielding attackers now targeting US civil aviation firms
Posted on 05.09.2013
The Sykipot backdoor Trojan is not a new threat. First detected over six years ago, its existence and use has been tied almost exclusively with the cyber espionage activities of a group or groups of attackers that are likely to be based in China.

The malware itself hasn't changed much throughout the years, and its goal is simple and always the same - once it gains access to a system, it establishes an SSL connection to a C&C server from which additional malware is downloaded, then installed and run on the victimís machine.

It has mostly been used in campaigns targeting the US defense industry and government contractors, along with some computer hardware manufacturers and telecoms. But in this last campaign spotted by Trend Macro researchers, the attackers have unexpectedly focused on companies working in the US civil aviation sector.

The Sykipot attackers are known for their use of zero-day exploits to deliver the backdoor to the victims, and that, along with their persistence and specific targeting, is another clue that points to their nature as state-sponsored hackers.

The researchers are warning US-based entities - and especially those in the civilian sectors that are important to the country's infrastructure - to be on the lookout for similar campaigns, urging them to keep their systems updated and securely configured or adding virtual patching (or virtual shielding) solutions to their defenses if security upgrades are not possible for whatever reason.

"Since this attack typically arrives via email messages, it is important for organizations to implement an good social engineering program. This can help organizations, particularly employees, managers etc., to be wary of email messages that may carry malware related to campaigns like Sykipot," they pointed out.


Most IT pros have seen potentially embarrassing information about their colleagues

More than three-quarters of IT professionals have seen and kept secret potentially embarrassing information about their colleagues, according to new research conducted by AlienVault.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th