
'Slingshot' Is U.S. Government Operation Targeting Terrorists: Report


The Slingshot cyber espionage campaign exposed recently by Kaspersky Lab is a U.S. government operation targeting members of terrorist organizations, according to a media report.

Earlier this month, Kaspersky published a report detailing the activities of a threat actor targeting entities in the Middle East and Africa — sometimes by hacking into their Mikrotik routers. The group is believed to have been active since at least 2012 and its members appear to speak English, the security firm said.

The main piece of malware used by the group has been dubbed Slingshot based on internal strings found by researchers. Kaspersky identified roughly 100 individuals and organizations targeted with the Slingshot malware, mainly in Kenya and Yemen, but also in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.

CyberScoop claims to have learned from unnamed current and former U.S. intelligence officials that Slingshot is actually an operation of the U.S. military’s Joint Special Operations Command (JSOC), a component of Special Operations Command (SOCOM), aimed at members of terrorist organizations such as ISIS and al-Qaeda. SOCOM is well known for its counterterrorism operations, which can sometimes include a cyber component.

CyberScoop’s sources expressed concern that the exposure of the campaign may result in the U.S. losing a valuable surveillance program and it could even put the lives of soldiers at risk. The Slingshot infrastructure was likely already abandoned and “burned” following the disclosure, one former intelligence official told the publication.

Kaspersky has always insisted that its role is to protect customers against cyber threats, regardless of the source of an attack. The company typically refrains from attributing attacks, but it has exposed operations believed to be linked to Russia, China, the United States and others.

In the case of Slingshot, Kaspersky has not directly attributed the campaign to the United States, but it did note that the hackers appear to speak English. The company also pointed out that some of the techniques used by this actor are similar to ones leveraged by a group known as Longhorn and The Lamberts, which is believed to be associated with the U.S. Central Intelligence Agency (CIA).

It’s also worth noting that the WikiLeaks Vault7 files, which are believed to be tools developed and used by the CIA, describe a Mikrotik router exploit, although it is unclear if it’s the one used in Slingshot attacks.

Another clue that shows a potential connection between Slingshot and U.S. intelligence is the use of tools and code strings referencing “Lord of the Rings” characters, including Gollum, which is also the name of an implant referenced in NSA documents leaked by Edward Snowden.

Kaspersky’s products were recently banned in U.S. federal agencies due to the company’s alleged ties to Russian intelligence. The security firm has denied the accusations and it has taken legal action in hopes of overturning the ban.

If Slingshot really is a U.S. government operation, Kaspersky's disclosure of the campaign will likely not help its case. One senior U.S. intelligence official told CyberScoop it was unlikely that Kaspersky had been totally unaware of what it was dealing with. CyberScoop cited a source close to Kaspersky saying that researchers may have suspected a Five Eyes nation, but they couldn’t have known for sure.

One of the incidents that led officials to believe Kaspersky may be linked to the Kremlin involved an NSA contractor from which Russian hackers allegedly stole information on how the U.S. penetrates foreign networks and how it defends against cyberattacks. Kaspersky’s analysis showed that its antivirus product did automatically upload some files related to the NSA-linked Equation Group from a user’s computer, but the company said the files were deleted from its systems after it noticed that they contained classified information.

Related: Attribution Hell - Cyberspies Hacking Other Cyberspies

Related: The Increasing Effect of Geopolitics on Cybersecurity

Eduard Kovacs is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
...
