Sykipot malware used in recent, targeted attacks against defense contractors appears to have been designed, at least in part, to steal information relating to U.S. military drones and unmanned aerial vehicles. Researchers at AlienVault Labs found that the attacks have been running since at least August 2011. The attackers often include information–in the form of attachments–that they think recipients will find interesting. Most of the domains used on these campaigns are registered on Xinnet, a Chinese domain registrant, said the researchers.”]
Source: https://www.darkreading.com/attacks-breaches/more-sykipot-malware-clues-point-to-china