It has been a while since we published information about Sykipot. The last time we blogged about it, we discovered a variant that was able to bypass two-factor authentication to access protected resources on the victim’s network.
We have detected a new wave of Sykipot campaigns that has been running during the past weeks. There are several changes between the new Sykipot campaigns and the older ones.
The first difference is that in previous campaigns the Sykipot authors mainly used file-format exploits to gain access to the systems through spearphishing mails.