Slingshot Malware Found Infecting Machines via Compromised Routers
Target: The current targets for this malware are “sysadmin” users who use MikroTik routers.
Attack Vector: Zero-day vulnerability in MikroTik routers and data leaks.
Summary: An APT malware, dubbed Slingshot, has been discovered in MikroTik routers. It is currently unknown how the initial infection of the routers takes place. However, once transferred onto a device, it is able to load a number of different modules, giving the attackers the ability to steal a variety of information. The malware has been active since at least 2012 but was only detected in February of this year.
Risk assessment summary: The campaign is still live and the threat from information-stealing malware is direct. The risk depends on the information held on the infected device, and it is heightened because this malware attempts to infiltrate “sysadmin” machines. Although the malware has been seen to have infected a small number of victims, it is highly likely that the number is much more substantial, with the information gained being used in retaliation against the suspected nation-state actors.