Kaspersky researchers said Slingshot, a threat used for cyber-espionage, has impacted 100 victims in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.
Most of the victims appear to be targeted individuals rather than organizations, but they also include some government organizations and institutions. Kenya and Yemen account for most of the victims observed, Kaspersky said.
“Slingshot is a sophisticated threat, employing a range of tools and techniques, including kernel mode modules that have to date only been seen in the most advanced predators,” said Alexey Shulmin, lead malware analyst, Kaspersky Lab.
Kaspersky Lab said the threat, used for cyber-espionage in the Middle East and Africa, was active from at least 2012 until February 2018. The malware attacks and infects victims through compromised routers and can run in kernel mode, giving it complete control over victims’ devices.
According to researchers, many of the techniques used by this threat actor are unique, and it is extremely effective at stealthy information gathering, hiding its traffic in marked data packets that it can intercept without a trace from everyday communications.