
Slingshot APT

Posted: October 23, 2020

The Slingshot APT is a secretive group of cybercriminals whose activity has been traced back to 2012. Although the group's malware has been analyzed thoroughly, experts are still unable to make a confident guess about Slingshot APT's motivations and nationality. The group appears to use English strings most of the time, but there is nothing else that could help identify their country of origin. The group's targets are also very diverse: parts of their hacking implants have been discovered on networks in Tanzania, Somalia, Iraq, Turkey, Congo, Afghanistan, Yemen and other Middle Eastern or African countries. Judging by the complexity of Slingshot APT's operation and malware, it is safe to assume that the group's members are very experienced hackers, and it would not be a surprise if they are state-sponsored.

Slingshot APT's Stealthy Tactics are Still a Mystery

One of the unique things about Slingshot APT's activities is that their initial infection vector is still not fully clear. The group may rely on a zero-day Windows exploit that is yet to be discovered. A different theory is that they may be exploiting a vulnerability in MikroTik routers and, in particular, in the Winbox Loader software used to manage routers of this brand. According to researchers, the Slingshot APT's initial payload is delivered via a copy of the Winbox Loader software suite, but exactly how they achieve this is not clear. What is known is that victims using this software might receive a malicious 'ipv4.dll' file when they try to download legitimate components. The DLL in question works as a Trojan-Downloader: it connects to a remote command-and-control server to fetch additional payloads.
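The practical lesson of the paragraph above is that a management tool's own install directory is a place where an unexpected or altered DLL can appear. The script below is an added, defender-side example, not code from the original article or from MikroTik; it builds a known-good manifest (filename to SHA-256) from a clean copy of a tool's directory and later audits that directory for modified, unexpected or missing files. The directory, file names and contents in `demo()` are constructed placeholders written to a temporary folder so the script runs offline; they are not real Winbox files.

```python
"""Added example: integrity audit of a management tool's install directory.

Assumptions (not from the article): the directory to monitor and the
known-good manifest are supplied by the defender; demo() fabricates a
small placeholder install in a temporary directory.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(directory):
    """Hash every file under directory; returns {relative_path: sha256}."""
    manifest = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, directory).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def audit(directory, manifest):
    """Compare the directory's current state against a known-good manifest.

    Returns a dict with three sorted lists:
      'modified'   - files whose hash differs from the manifest
      'unexpected' - files on disk that the manifest does not list
      'missing'    - files in the manifest that are no longer on disk
    An unexpected DLL next to the loader is exactly the case the article
    describes (a planted 'ipv4.dll' acting as a downloader).
    """
    current = build_manifest(directory)
    modified = sorted(p for p in current
                      if p in manifest and current[p] != manifest[p])
    unexpected = sorted(p for p in current if p not in manifest)
    missing = sorted(p for p in manifest if p not in current)
    return {"modified": modified, "unexpected": unexpected, "missing": missing}


def demo():
    """Constructed scenario: baseline a clean install, then detect changes."""
    with tempfile.TemporaryDirectory() as d:
        # Placeholder "clean install" (constructed bytes, not real tool files).
        clean = {"loader.exe": b"placeholder-loader", "helper.dll": b"helper-v1"}
        for name, data in clean.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(d)

        # Simulate what a later audit would see: one new DLL and one altered DLL.
        with open(os.path.join(d, "ipv4.dll"), "wb") as f:
            f.write(b"placeholder-unexpected-dll")
        with open(os.path.join(d, "helper.dll"), "wb") as f:
            f.write(b"helper-altered")

        return audit(d, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest must be generated from an install obtained through a trusted channel and stored outside the monitored directory, otherwise the baseline itself may already contain the planted file. On Windows this hash check complements, rather than replaces, verifying the Authenticode signature of each DLL and alerting on DLL loads from user-writable paths.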

What is remarkable about the Slingshot APT campaign is that its modules are able to run in either user mode or kernel mode. While the former is typical for malware components, the latter is much more impressive. In short, code running in kernel mode has direct, unsupervised access to all of the computer's hardware and instructions. This may enable the Slingshot APT hackers to bypass all kinds of security measures if they manage to plant the required modules.

Cybersecurity experts note that the criminals behind the Slingshot APT campaign are probably among the best in the field. Their ability to stay undetected for nearly a decade while striking hundreds of victims in different regions is undoubtedly proof of their expertise and experience.
