Kaspersky: Malware Slingshot lurks for six years and spreads

  Routers Configuration     |      2023-04-17 07:29

Researchers at Kaspersky Lab have just discovered malware that has infected at least 100 computers worldwide, but the most surprising thing is that it lurked for 6 years before being exposed. In a 25-page report released on Friday, Kaspersky said that in some of the recovered malware samples it noticed malicious software named Slingshot. It can be said to be one of the most advanced attack platforms discovered so far. It is likely the work of a well-resourced team, possibly one with nation-state backing.


Kaspersky noted that Slingshot rivals Regin, an advanced backdoor that infected Belgian telecom and other confidential targets many years ago, and another piece of malware named Project Sauron.

The emergence of Slingshot reveals another complex ecosystem in which multiple components work together to provide a very flexible and well-functioning cyber-espionage platform.

This malicious software is extremely advanced. From a technical point of view, it solves all sorts of problems very elegantly, combining old and new components in a thoughtful, long-term operation. This is what one would expect from a first-rate, well-resourced operator.


It is not clear to the researchers how Slingshot initially infected its targets, but in some cases Slingshot's operators gained access to routers built by Latvian manufacturer MikroTik and planted malicious code in them.

The specific technical details of the router technique are also unclear, but it relies on a MikroTik configuration tool called Winbox to download dynamic link library files, such as "ipv4.dll" (a malicious download agent created by the Slingshot developers).

Kaspersky said: "Slingshot is an extremely sophisticated piece of malware. The developers behind it obviously invested a lot of time and money in creating it." As far as we know, its infection vector is not only eye-catching but also unique.

[Compiled from: Ars Technica, Source: Kaspersky Lab]