
Destroying your hard drive is the only way to stop this super-advanced malware


Renegade:
This looks like some pretty nasty, nasty stuff.

http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html

A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia, utilizing a startlingly advanced form of malware that is impossible to remove once it's infected your PC.

Kaspersky Lab released a report Monday that said the tools were created by the “Equation” group, which it stopped short of linking to the U.S. National Security Agency.

The tools, exploits and malware used by the group—named after its penchant for encryption—have strong similarities with NSA techniques described in top-secret documents leaked in 2013.

Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.

Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, or the low-level code that acts as an interface between hardware and software.

The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.

“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.
--- End quote ---

There was a security researcher a year or so ago that released details on this (but on mobile platforms) or something similar, but I forget who or where I saw it. Does anyone else remember?

It's pretty simple at a high level -- secret sectors are created, then hidden as bad sectors or something.

I'm not sure if this is basically the same thing or if it's different. It seems different, but my memory is a tad fuzzy. I think the other one was for Flash Nand memory only.

vortext:
This is very different. This is a weapons grade piece of malware. A real game changer for everyone. It is sophisticated enough that it smells of very high level government involvement. Many think it is the United States NSA working through a shady group that has eluded security researchers for many years. Researchers call them The Equation Group.

The article you want to read to learn more about this is on ArsTechnica:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

It is very saddening news.

mouser:
Fascinating reading.

Renegade:
This is very different. This is a weapons grade piece of malware. A real game changer for everyone. It is sophisticated enough that it smells of very high level government involvement. Many think it is the United States NSA working through a shady group that has eluded security researchers for many years. Researchers call them The Equation Group.

The article you want to read to learn more about this is on ArsTechnica:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

It is very saddening news.
-vortext (February 17, 2015, 09:25 PM)
--- End quote ---

After reading that... Just. Wow. That's beyond impressive.

Vurbal:
A government sponsored team of super hackers - what could possibly go wrong?
