<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Robert MARTIN-LEGENE</b> <span dir="ltr"><<a href="mailto:robert@pch.net" target="_blank">robert@pch.net</a>></span><br>Date: Tue, Mar 13, 2018 at 11:09 AM<br>Subject: [lacnog] Slingshot APT: Malware spread via routers<br>To: <a href="mailto:lacnog@lacnic.net" target="_blank">lacnog@lacnic.net</a><br><br><br>
<div bgcolor="#FFFFFF" text="#000000">
<p>This should affect the LAC region too, since so many use
MikroTik.<br>
</p>
<div class="m_3712714422681224663m_6200882472306427424moz-forward-container"><br>
-------- Forwarded Message --------
<table class="m_3712714422681224663m_6200882472306427424moz-email-headers-table" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Subject:
</th>
<td>[afnog] Slingshot APT: Malware spread via routers</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Date: </th>
<td>Tue, 13 Mar 2018 13:48:51 +0400</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">From: </th>
<td>Daniel Shaw <a class="m_3712714422681224663m_6200882472306427424moz-txt-link-rfc2396E" href="mailto:daniel@afrinic.net" target="_blank"><daniel@afrinic.net></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">To: </th>
<td>afnog <a class="m_3712714422681224663m_6200882472306427424moz-txt-link-rfc2396E" href="mailto:afnog@afnog.org" target="_blank"><afnog@afnog.org></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>For anyone that uses MikroTik, now is a good time to make sure your firmware is updated and scan any network admins' Windows workstations.
<a class="m_3712714422681224663m_6200882472306427424moz-txt-link-freetext" href="https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/" target="_blank">https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/</a>
<a class="m_3712714422681224663m_6200882472306427424moz-txt-link-freetext" href="https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/" target="_blank">https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/</a>
<a class="m_3712714422681224663m_6200882472306427424moz-txt-link-freetext" href="https://www.engadget.com/2018/03/11/sophisticated-malware-attacks-through-routers/?sr_source=Facebook" target="_blank">https://www.engadget.com/2018/03/11/sophisticated-malware-attacks-through-routers/?sr_source=Facebook</a>
<a class="m_3712714422681224663m_6200882472306427424moz-txt-link-freetext" href="https://securelist.com/apt-slingshot/84312/" target="_blank">https://securelist.com/apt-slingshot/84312/</a>
It doesn't seem to be that widely detected so far, but what makes this one interesting is how long it's remained undetected. And what is perhaps of interest to this list is that it seems to target mostly Africa (and the Middle East).
Regards,
Daniel
</pre>
</div>
</div>
<br></div><br><br clear="all"><div><br></div>-- <br><div class="m_3712714422681224663gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Regards,<br><br><div><span style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif"><div style="background-color:rgb(248,248,248);padding:0.8em 0.8em 0.3em"><div style="margin:0pt 0pt 8px"><p style="margin:0pt;padding-top:6px;border-top-width:2px;border-top-style:solid;border-top-color:rgb(204,204,204)"><font style="font-size:12px;font-family:Verdana,Arial"><b style="color:rgb(204,0,0)">Ing. José Luis Painceira</b><br><b>PCCP S.A. - <a href="http://www.pccp.net.ar/" target="_blank">http://www.pccp.net.ar</a></b><br><span style="font-size:10px;color:rgb(136,136,136)">Av. Cabildo 2040 15° D - C1428AAP - Buenos Aires - 0810-345-9800</span></font></p></div></div></span></div></div></div></div></div></div></div>
</div>