Kenya and Tanzania are among the countries in Africa and the Middle East that have endured a sophisticated six-year cyber-espionage attack, according to global cyber security agency Kaspersky Lab.
The malware, which researchers have called ‘Slingshot’, infects victims through compromised routers, and the attack has been ongoing undetected since 2012.
Once in the computer, the malware is able to send out commands disguised as a harmless file, penetrating critical areas of the computer and nabbing key information at will.
According to Kaspersky Lab, Slingshot’s main purpose seems to be cyber-espionage. Analysis suggests it collects screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data, and more, although its kernel access means it can steal whatever it wants.
Research by the cyber security company showed around 100 victims of Slingshot and its related modules, located in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.
“Slingshot is a sophisticated threat, employing a wide range of tools and techniques, including kernel mode modules that have to date only been seen in the most advanced predators. The functionality is very precious and profitable for the attackers, which could explain why it has been around for at least six years,” said Alexey Shulmin, Lead Malware Analyst, Kaspersky Lab.
While similar malware targets institutions, this particular “low-lying stealth” application appears to have targeted individuals, raising fears that it could be related to a hidden anti-terror onslaught. Kenya and Yemen account for most of the victims observed so far.
“The development time, skill and cost involved in creating Slingshot’s complex toolset is likely to have been extremely high. Taken together, these clues suggest that the group behind Slingshot is likely to be highly organized and professional and probably state-sponsored,” Kaspersky Lab noted in a statement.
Kaspersky Lab has recommended upgrading router software and employing a proven corporate-grade security solution in combination with anti-targeted-attack technologies and threat intelligence, which the company offers.