Slingshot: Avoiding Sophisticated Cyber Espionage

Researchers from Kaspersky Lab, a Moscow-based cyber security and anti-virus provider, have said in a report that they have discovered a highly sophisticated cyber-espionage campaign called Slingshot that spreads through compromised routers and has remained undetected for years.

Slingshot is as complex as Project Sauron, the malware that remained undetected for five years and is believed to have been designed by a state-sponsored group. Another piece of malware, Regin, which infected computers in several countries including India, also remained undetected for several years.

According to the researchers, there are almost 100 Slingshot victims, mainly from Middle Eastern and African countries. The threat is believed to have started in at least 2012 and is still active (February 2018). The report went on to say that most of the victims initially got their computers infected through compromised MikroTik routers or a Windows exploit.

The researchers said that malicious code was found in several compromised routers made by the Latvian network hardware provider, leading them to believe that Slingshot is able to target victims by directly infecting such routers. However, they do not know exactly how the MikroTik routers are compromised.

"The discovery of Slingshot reveals another complex ecosystem where multiple components work together in order to provide a very flexible and well-oiled cyber-espionage platform," wrote Kaspersky Lab researchers in their report.

"The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor," they added.

The malware can run in both kernel mode and user mode, which means attackers can have complete control over a compromised device.

How to avoid falling victim to Slingshot malware

Here are the measures suggested by Kaspersky Lab researchers to keep advanced persistent threats (APTs) like Slingshot at bay:

  • Upgrade your MikroTik router to the latest software version. However, the researchers said such updates close only one attack vector and do not protect against the APT itself.
  • Implement a strategic approach to dealing with attacks from sophisticated malware, using security solutions such as Kaspersky's.

Kaspersky's Threat Management and Defense tools can detect APTs and come with expert services. If a targeted attack is detected, cybersecurity experts will act accordingly before any harm is done.

IB Times
