
Kaspersky research on Slingshot APT campaign reportedly exposes U.S. counterterrorism operation

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber espionage campaign targeting the Middle East and Africa disrupted an active counterterrorism operation, according to a news article this week by CyberScoop, citing current and former U.S. intelligence officials.

The APT campaign, called Slingshot, leveraged compromised routers and probably Windows exploits to infect targets with advanced spyware that provided kernel-level access to screenshots, keyboard activity, network data, passwords, USB connections, desktop activity, clipboard data, personal information and more. Although the Kaspersky report didn't explicitly attribute the campaign to a particular actor, the company noted that clues in the actor's code and technique pointed to the CIA, while the campaign itself bore some similarities to past NSA malware programs.

As it turns out, officials reportedly told CyberScoop the program was the work of the Joint Special Operations Command (JSOC), a component of the Department of Defense's Special Operations Command (SOCOM), a unit not traditionally known for engaging in cyber activity.

Reportedly, JSOC's Slingshot campaign was leveraging malware called GollumApp and Canhadr to exfiltrate information from computers that terrorists commonly use in internet cafes. A former intelligence official was quoted in the news report as saying the U.S. likely has already abandoned and burned the digital infrastructure behind the campaign, following Kaspersky's exposé.

Officials reportedly worry the U.S. may have lost a valuable surveillance program that helped protect its soldiers -- a concern that could make the relationship between Kaspersky and the U.S. even frostier, after Congress and the Department of Homeland Security banned the federal use of Kaspersky products due to fears they were being used by Russia to spy on American assets.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
