A security firm has released a report describing how an advanced threat actor has been implanting malicious software in the firmware of foreign target computers for more than a decade.
According to the report published by Kaspersky Lab, the threat actor, known as “The Equation Group,” uses multiple malware platforms on par with Regin, Stuxnet, Flame, and other high-profile cyber espionage tools.
These and other capabilities make The Equation Group one of the most advanced cyber attack groups in the world today.
“It seems to me Equation Group are the ones with the coolest toys,” comments Costin Raiu, director of Kaspersky Lab’s global research and analysis team. “Equation Group are definitely the masters, and they are giving the others, maybe, bread crumbs. From time to time they are giving them some goodies to integrate into Stuxnet and Flame.”
Nowhere in the report does Kaspersky Lab mention the National Security Agency, which was responsible for the creation of Stuxnet and Flame. Even so, the report’s evidence strongly implicates the U.S. intelligence agency.
Accordingly, The New York Times reports that the Equation Group’s activities are part of “The Olympic Games,” a large program co-managed by the United States and Israel that uses malware to infect foreign targets beyond those compromised in the 2010 Stuxnet attack.
As part of this ongoing campaign, the Equation Group uses watering holes to compromise jihadist websites and infects removable media such as CDs with a number of spyware programs, including Equationlaser, Equationdrug, Doublefantasy, and Triplefantasy.
Many of these Trojans reach all the way to a computer’s firmware, embedded software which is beyond the reach of anti-virus software. Firmware prepares a computer’s hardware prior to starting up. As such, these types of exploits are second only to attacks that target a system’s BIOS code.
According to the report, the group’s exploits work on disk drives sold by some of the most prominent tech companies, including Western Digital, Seagate, Toshiba, and Samsung.
The NSA has yet to comment on Kaspersky’s findings.