[lacnog] Slingshot APT: Malware spread via routers

Barry Greene bgreene en senki.org
Tue Mar 13 11:38:30 BRT 2018


Step 1 would be to check the iACLs and Exploitable Port Filters on your network. 2017 illustrated that too many ISPs, Telcos, Mobile Operators, and Cloud providers allow external IP addresses to telnet/ssh into the network’s infrastructure.




> On Mar 13, 2018, at 7:09 AM, Robert MARTIN-LEGENE <robert en pch.net> wrote:
> 
> This should affect the LAC region too, since so many use MikroTik.
> 
> -------- Forwarded Message --------
> Subject: [afnog] Slingshot APT: Malware spread via routers
> Date: Tue, 13 Mar 2018 13:48:51 +0400
> From: Daniel Shaw <daniel en afrinic.net>
> To: afnog <afnog en afnog.org>
> 
> For anyone that uses MikroTik, now is a good time to make sure your firmware is updated and scan any network admins' Windows workstations.
> 
> https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/
> 
> https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/
> 
> https://www.engadget.com/2018/03/11/sophisticated-malware-attacks-through-routers/?sr_source=Facebook
> 
> https://securelist.com/apt-slingshot/84312/
> 
> It doesn't seem to be that widely detected so far, but what makes this one interesting is how long it's remained undetected. And what is perhaps of interest to this list is that it seems to target mostly Africa (and the Middle East).
> 
> Regards,
> Daniel
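
The following is an added example, not part of the thread or of any poster's tooling: one way to run the "Step 1" check above is to look at flow records captured inside the edge and flag any telnet/ssh session to infrastructure addresses from a source that is neither infrastructure nor a management network. The `src,dst,proto,dport` record layout, the function names and all prefixes (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

MGMT_PORTS = {22: "ssh", 23: "telnet"}

# Constructed sample data (assumptions): infrastructure space (loopbacks,
# point-to-point links) and the NOC/jump-host range allowed to manage it.
INFRA_PREFIXES = ["192.0.2.0/24", "2001:db8:ffff::/48"]
MGMT_PREFIXES = ["198.51.100.0/28"]

# Constructed flow records seen *behind* the edge iACL: src,dst,proto,dport
SAMPLE_FLOWS = """\
198.51.100.5,192.0.2.1,tcp,22
203.0.113.77,192.0.2.1,tcp,23
203.0.113.77,192.0.2.9,tcp,22
203.0.113.80,198.51.100.200,tcp,22
192.0.2.2,192.0.2.1,tcp,22
2001:db8:1::5,2001:db8:ffff::1,tcp,22
203.0.113.77,192.0.2.1,udp,23
not a flow record
"""

def _inside(addr, nets):
    # A v4 address is never "in" a v6 network (and vice versa), so mixed lists are safe.
    return any(addr in n for n in nets)

def find_iacl_gaps(flow_text, infra_prefixes, mgmt_prefixes):
    """Return (src, dst, service) for telnet/ssh flows that reached
    infrastructure addresses from outside infra and management space."""
    infra = [ipaddress.ip_network(p) for p in infra_prefixes]
    mgmt = [ipaddress.ip_network(p) for p in mgmt_prefixes]
    gaps = []
    for line in flow_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            continue  # skip malformed records instead of aborting the audit
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            dport = int(fields[3])
        except ValueError:
            continue
        if fields[2].lower() != "tcp" or dport not in MGMT_PORTS:
            continue
        if not _inside(dst, infra):
            continue  # customer or other space: outside the scope of an iACL
        if _inside(src, mgmt) or _inside(src, infra):
            continue  # expected management or router-to-router traffic
        gaps.append((str(src), str(dst), MGMT_PORTS[dport]))
    return gaps

if __name__ == "__main__":
    for src, dst, svc in find_iacl_gaps(SAMPLE_FLOWS, INFRA_PREFIXES, MGMT_PREFIXES):
        print(f"iACL gap: {svc} from {src} reached {dst}")
```

Every line it reports is a session the edge filter should have dropped; an empty result only covers the addresses and time window present in the flow data.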
