1. Purpose. This CISC note is intended to inform all Marine Corps personnel about the new Sykipot strain, which specifically targets the technology used to support the Pentagon's CAC system. The emails seeking to spread it are often disguised as official military or government communications.
2. Background. A Chinese-based cyber attack is targeting the Defense Department's Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks. The new cyber weapon apparently can get inside individual computers after users unwittingly open a standard PDF file attached to an email. Once embedded, it logs the user's keystrokes to obtain personal identification numbers or codes associated with that card and user.
(1) A Chinese-based Trojan virus (a variant of Sykipot) is targeting DOD CACs and can steal CAC information, user PINs, as well as data stored in impacted systems
(2) Once embedded on a computer, the virus:
(a) Logs user keystrokes to include PIN information for CAC users signing into the network or a specific application/system
(b) Has the ability to subsequently act as the authenticated user to steal other information as long as the CAC remains in the smart-card reader
(c) Has the ability to capture public key encryption certificates stored on the system as long as the CAC remains in the smart-card reader
3. Action. Defending against attacks using this technology is extremely difficult. The best way to keep military networks secure is to train troops and civilian employees not to open any unfamiliar files or email attachments. To lure defense workers to open the infected attachment, some of the emails have used information about new drone technology and pictures of unmanned aerial vehicles.
4. Coordinating Instructions.
USER PREVENTIVE ACTIONS:
(1) If you receive an email from someone you do not know in which the sender urges you to open any embedded internet links or attached .pdf files:
(a) DO NOT: Open the attached files
(b) DO NOT: Access the embedded internet links
(c) DO NOT: Respond to the email
(d) DO NOT: Forward the email to anyone
(2) Instead, you should delete the email and then empty your deleted items folder in Outlook.