The Sykipot campaign has targeted numerous defense industry and government organizations over the past few years. However, experts have found that the cybercriminals behind the operation keep improving their infrastructure and malware, and they have even turned to new exploits.
AlienVault experts say that over the last 8-10 months, the cybercrooks have relied on Internet Explorer, Adobe Reader and Java 7 exploits to spread their pieces of malware.
Until recently, they distributed malware by attaching it to spear-phishing emails sent to their targets; when the victim opened the apparently innocent document, an exploit was triggered.
Now they have begun using links instead of attachments. When users click on the links, they are taken to malicious websites that exploit Internet Explorer or Java vulnerabilities.
For this purpose, they have set up several bogus websites that replicate those of government organizations. Researchers have spotted fake Defense Finance and Accounting Service, American Advertising Federation, Hudson Institute and GSA SmartPay sites.
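As an added defender-side example (not part of the article or of AlienVault's research), the script below shows one way an email gateway or log pipeline could flag links that point at lookalike domains of the kind described above: it extracts URLs from a message, compares each hostname against a list of domains the organization trusts, and reports hosts that are within a small edit distance of a trusted domain or that embed a trusted label inside an unrelated domain. The trusted-domain list, the sample message and all hostnames in it are constructed placeholders, not the real sites mentioned in the article.

```python
"""Flag links to lookalike domains in an email body (added example, constructed data)."""
import re
from urllib.parse import urlparse

# Constructed placeholders for domains the organization expects staff to visit.
# They are NOT the real sites referenced in the article.
TRUSTED_DOMAINS = ["dfas-example.mil", "smartpay-example.gov", "hudson-example.org"]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small distances to a trusted domain suggest a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_host(host: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2):
    """Return (verdict, matched_trusted_domain); verdict is trusted, lookalike or unknown."""
    host = host.lower()
    # Exact trusted domain or a subdomain of one.
    for t in trusted:
        if host == t or host.endswith("." + t):
            return "trusted", t
    reg = registrable(host)
    for t in trusted:
        # Typosquat-style variant: registrable part is only a few edits away.
        if levenshtein(reg, t) <= max_dist:
            return "lookalike", t
        # Trusted brand label buried inside an unrelated domain (e.g. brand.mil.evil.test).
        if t.split(".")[0] in host:
            return "lookalike", t
    return "unknown", None


def extract_links(text: str):
    return URL_RE.findall(text)


def scan_email(text: str):
    """Return one (url, host, verdict, matched_domain) tuple per link in the message."""
    findings = []
    for url in extract_links(text):
        host = urlparse(url).hostname or ""
        verdict, ref = classify_host(host)
        findings.append((url, host, verdict, ref))
    return findings


# Constructed sample message: one genuine link, two lookalikes, one unrelated site.
SAMPLE_EMAIL = """Please review the updated travel card guidance at
https://www.smartpay-example.gov/guidance and confirm your details at
http://dfas-examp1e.mil/login . A copy is also mirrored at
https://dfas-example.mil.evil.test/portal and discussed on
https://news.example.com/story"""


def sample_verdicts():
    return [f[2] for f in scan_email(SAMPLE_EMAIL)]


if __name__ == "__main__":
    for url, host, verdict, ref in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:9s} {host:32s} {url}" + (f"  (resembles {ref})" if ref else ""))
```

The registrable-domain approximation is deliberately naive (it ignores multi-label public suffixes such as co.uk); a production filter would use a public-suffix list and add homoglyph and punycode checks, but the structure of the check, trusted set plus near-match scoring, is the same.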
Additional technical details regarding the improvements made to Sykipot are available here.