Kaspersky has been uncovers Slingshot campaign targets Africa and the Middle East since 2012

Kaspersky Security Labs has now identified an advanced APT hacker group that has been operating since 2012 but has never been noticed before.

The hacking group uses advanced malware Slingsho to attack users through routers. Currently, there are more than 100,000 users infected in the Middle East and Africa.

The target of hacking is the Mikrotik router of the Latvian network hardware provider. An unknown security hole in the router’s pre-installed firmware can be exploited.

Try to infect the user’s computer through the router:

Of course, the main purpose of hackers is not to use routers to infect users. Routers are only used as springboards to attack users’ computers.

If the user runs the WinboxLoader supporting software on the router, it will automatically load the hacker’s malicious files from the router into the computer’s memory.

In this way, the hacking organization can secretly infect the user’s computer. There is no pop-up window or unknown hints for the user.

Image: Kaspersky

Full-featured advanced malware:

The malicious software used by a hacker to infect a user’s computer is rich in functionality, including allowing hackers to intercept screens by issuing commands to remote servers.

At the same time, regardless of the account number and password information saved in the user’s browser, or each key pressed by the user hitting the keyboard, they are automatically uploaded to the server.

Complex modules have anti-debugging and security detection to evade security software. This is the main reason that this malware can infect a large number of users.

Use CIA leaked weapons inventory:

Kaspersky is still unclear about how hackers successfully infect routers, but the company believes this may be related to the CIA’s disclosure of data.

Previously, WikiLeaks had disclosed the vulnerability database disclosed by the Central Intelligence Agency of the United States. The vulnerability database contains the contents of the aforementioned routers.

Hackers are likely to have mastered these leaked data long ago, and then insert malicious files into the user’s computer through router firmware vulnerabilities.

Source: securelist

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.