NSA's Payload for the 'Phuctorable' MikroTik Routers Found

Posted on by

Kaspersky Inc has published an analysis (archived) of a MS Windows rootkit, therein nicknamed "Slingshot".

The item exhibits the traditional smell of USG-authored shitware, e.g. validly-signed Windows drivers for the persistence layer. However the more interesting aspect is that it is spread via infected routers, of a type which, astonishingly even for consumer shitware, forces the execution of a x86 Windows binary for initial configuration.

An infected router dutifully augments this configurator with a rootkit installer; the rootkit, in turn, contains the typical keylogger and saved-password-collector, network topology probe, etc. components.

The more interesting and "unmentioned/unmentionable" aspect is however the identity of the router's manufacturer:

MikroTik. That very same Latvian USG shill company that's been deploying routers with nonfunctional RNGs and trivially-Phuctorable SSH keys for its entire existence. And dutifully spreads obfuscatory squid ink whenever the danger of public exposure seems acute.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>