"Slingshot is a sophisticated threat, employing a wide range of tools and techniques, including kernel mode modules that have to date only been seen in the most advanced predators", said Alexey Shulmin, lead malware analyst, Kaspersky Lab.
Perhaps one of the most interesting aspects of this malware is its ability to go undetected. The researchers also note that some victims may have been infected through a Windows exploit. Slingshot's code suggests that its developers speak English, and it is believed that an organized, state-sponsored group is behind the malware.
Slingshot appeared to spread via routers produced by Latvian company MikroTik, although Kaspersky has noted that other techniques - such as the exploitation of zero-day vulnerabilities - could have helped spread the threat.
The loader then reaches back to the router to download the more dangerous components of the payload, so the router effectively serves as the attackers' delivery point for those later stages (the article calls this the hackers' Command and Control (CnC) server).
"Following infection, Slingshot would load a number of modules onto the victim device, including two huge and powerful ones: Cahnadr, the kernel mode module, and GollumApp, a user mode module". The two are then able to support each other to gather data, and then send it out to the attacker. According to Kaspersky, a cluster of activity from the Slingshot campaign "started in at least 2012", so it's been around for at least six years.
One of the most remarkable things about Slingshot is its unusual attack vector.
One incredibly sophisticated trick the malware uses to hide its existence is an encrypted virtual file system stored in an unused part of the hard drive, outside the normal file system, where ordinary file-listing tools will never show it.
Taken together with the choice of targets, Slingshot looks like it was built for espionage rather than for making money, which is the main reason a nation-state is suspected of being behind it.
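An encrypted virtual file system in unallocated disk space is invisible to file-system tools, but it is not invisible to a forensic scan of the raw disk: ciphertext has near-maximal byte entropy, while unused space is mostly zeros or low-entropy residue. The following is an added illustration of that detection idea, written for this page; it is not Kaspersky's code, not Slingshot's, and the disk image it scans is constructed in the script (a zero-filled region with a random blob standing in for an encrypted container). Window size, entropy threshold and minimum run length are assumptions an analyst would tune.

```python
"""Scan a raw disk image (or a dump of its unallocated space) for long runs
of high-entropy data, a hallmark of encrypted containers hidden outside the
file system.  Illustrative example, not an official tool."""
import math
import random
from typing import List, Tuple

CHUNK = 64 * 1024        # assumed scan window: 64 KiB
HIGH_ENTROPY = 7.9       # bits per byte; random/encrypted data sits close to 8.0
MIN_RUN_CHUNKS = 4       # assumed: ignore runs shorter than 4 windows (256 KiB)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def find_encrypted_runs(image: bytes, chunk: int = CHUNK,
                        threshold: float = HIGH_ENTROPY,
                        min_run: int = MIN_RUN_CHUNKS) -> List[Tuple[int, int]]:
    """Return (byte_offset, byte_length) for every run of at least `min_run`
    consecutive full-size windows whose entropy is >= `threshold`."""
    runs = []
    start = None
    n_chunks = (len(image) + chunk - 1) // chunk
    for i in range(n_chunks):
        window = image[i * chunk:(i + 1) * chunk]
        hot = len(window) == chunk and shannon_entropy(window) >= threshold
        if hot and start is None:
            start = i                      # run begins
        elif not hot and start is not None:
            if i - start >= min_run:
                runs.append((start * chunk, (i - start) * chunk))
            start = None                   # run ends
    if start is not None and n_chunks - start >= min_run:
        runs.append((start * chunk, (n_chunks - start) * chunk))
    return runs


def build_sample_image() -> bytes:
    """Constructed test image: 2 MiB of 'unallocated' space that is all zeros
    except for a 512 KiB pseudo-random blob at offset 1 MiB, standing in for
    an encrypted virtual file system.  Seeded so the result is reproducible."""
    rnd = random.Random(1234)
    zeros = bytes(1024 * 1024)
    blob = bytes(rnd.getrandbits(8) for _ in range(512 * 1024))
    tail = bytes(512 * 1024)
    return zeros + blob + tail


if __name__ == "__main__":
    img = build_sample_image()
    for offset, length in find_encrypted_runs(img):
        print(f"high-entropy run at offset 0x{offset:x}, {length // 1024} KiB")
```

On a real investigation the input would be the unallocated extents exported from a disk image, not the whole disk. Expect false positives from residue of deleted compressed or already-encrypted files (archives, media, BitLocker volumes); a hit is a lead to carve and examine, not proof of an implant.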
The malware also uses many tricks to avoid detection, including shutting down its components when it detects forensic research.
Over half the compromised computers were in Kenya and Yemen, with the remainder in Libya, Afghanistan, Iraq, Tanzania, Greece, Jordan, Mauritius, Somalia, Tunisia, Turkey, and United Arab Emirates.
Most of the victims appear to be targeted individuals rather than organizations, although some government organizations and institutions were also hit. For now, nobody is sure who controls the sophisticated payload.
That guess is given a little more credence by the observation of Kaspersky's researchers that the malware's debug messages were written in flawless English.
At this point, most of the Slingshot victims found by Kaspersky are based in African and Middle Eastern countries. The flawless English may implicate the NSA, CIA, or GCHQ, but such text clues are weak evidence: accurate attribution is always hard, if not impossible, and increasingly prone to manipulation and error. Running its own code in kernel mode is nearly impossible on an up-to-date operating system, since modern 64-bit Windows refuses to load unsigned kernel drivers; Slingshot manages the feat by searching the computer for legitimately signed but vulnerable drivers and abusing them to run its own malicious code. Users of MikroTik routers must update to the newest software version as soon as possible to ensure protection against Slingshot. MikroTik has been informed and has fixed the issue, but Kaspersky believes this is not the only brand used during the campaign.