<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=windows-1252">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Esto debe afectuar a LAC tambien, ya que muchos usan MikroTik.</p>
    <p>This should affect the LAC region too, since so many use
      MikroTik.<br>
    </p>
    <div class="moz-forward-container"><br>
      -------- Forwarded Message --------
      <table class="moz-email-headers-table" border="0" cellpadding="0"
        cellspacing="0">
        <tbody>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
            </th>
            <td>[afnog] Slingshot APT: Malware spread via routers</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
            <td>Tue, 13 Mar 2018 13:48:51 +0400</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
            <td>Daniel Shaw <a class="moz-txt-link-rfc2396E" href="mailto:daniel@afrinic.net"><daniel@afrinic.net></a></td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
            <td>afnog <a class="moz-txt-link-rfc2396E" href="mailto:afnog@afnog.org"><afnog@afnog.org></a></td>
          </tr>
        </tbody>
      </table>
      <br>
      <br>
      <pre>For anyone that uses MikroTik, now is a good time to make sure your firmware is updated and scan any network admins' windows workstations.

<a class="moz-txt-link-freetext" href="https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/">https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/</a>

<a class="moz-txt-link-freetext" href="https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/">https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/</a>

<a class="moz-txt-link-freetext" href="https://www.engadget.com/2018/03/11/sophisticated-malware-attacks-through-routers/?sr_source=Facebook">https://www.engadget.com/2018/03/11/sophisticated-malware-attacks-through-routers/?sr_source=Facebook</a>

<a class="moz-txt-link-freetext" href="https://securelist.com/apt-slingshot/84312/">https://securelist.com/apt-slingshot/84312/</a>

It doesn't seem to be that widely detected so far, but what makes this one interesting is how long it's remained undetected. And what is perhaps of interest to this list is that is seems to target mostly Africa (and the Middle East).

Regards,
Daniel




_______________________________________________
afnog mailing list
<a class="moz-txt-link-freetext" href="https://www.afnog.org/mailman/listinfo/afnog">https://www.afnog.org/mailman/listinfo/afnog</a>
</pre>
    </div>
  </body>
</html>