🤖 AI Summary
Federated learning is vulnerable to malicious client poisoning attacks, yet existing approaches suffer from high attack costs and poor stealth. This paper proposes a Sybil-enhanced virtual data poisoning framework that amplifies attack efficacy via lightweight pseudo-client generation. The method addresses three key challenges through: (1) a gradient-matching-driven virtual data generation mechanism that drastically reduces computational and communication overhead; (2) the first unified inverse model reconstruction scheme covering online local, online global, and offline settings; and (3) explicit modeling of non-IID data distributions to enhance cross-client generalizability of the attack. Extensive experiments demonstrate that the approach efficiently reconstructs the global target model across diverse non-IID configurations, achieving significantly higher attack success rates while maintaining superior stealth and substantially lower resource consumption compared to state-of-the-art baselines.
📝 Abstract
Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a Sybil-based virtual data poisoning attack, where a malicious client generates Sybil nodes to amplify the poisoning model's impact. To reduce neural network computational complexity, we develop a virtual data generation method based on gradient matching. We also design three schemes for target model acquisition, applicable to online local, online global, and offline scenarios. In simulation, our method outperforms other attack algorithms because it can obtain a global target model under non-independent and identically distributed (non-IID) data.