Malware Analysis: Slingshot APT Exposed From 6 Years of Hiding
Designed for cyber espionage, Slingshot APT (Advanced Persistent Threat) has hidden from researchers for over 6 years and has infected at least 100 hosts worldwide in the Middle East and Africa. The malware used exploits on Mikrotik routers and has been listed as one of the most sophisticated attacks discovered rivalling Project Sauron (nation-state funded malware) and Regin (the malware that infiltrated Proximus Group ). Due to the sophisticated nature of Slingshot APT, Kaspersky Labs report suspects the malware has received significant resource and financial backing and was the result of a highly-targeted attack plan. Slingshot APT is able to log user data, collect open windows, keystrokes and network data among other functionalities. Slingshot APT works by replacing a legitimate Windows DLL ( scesrv.dll or spoolsv.exe ) related to Virtual File System, with a malicious one. There are two embedded loaders in Slingshot in the case of the first loader failing, the second loade...