DarkVision Hardware - Daily tech news
Equation Group (NSA) malware hides in HDD/SSD firmware

Posted on Tuesday, February 17 2015 @ 13:15:23 CET by

Security researchers from Kaspersky Labs exposed a highly sophisticated cyber espionage operation that invades the firmware of hard drives built by all major manufacturers. Once a hard drive is infected, the malware runs every time you boot the computer and, unlike traditional malware, it can't be removed simply by formatting and reinstalling an OS. This is not the only feat Kaspersky discovered, but the ability to infect HDD firmware in the wild makes the Equation Group one of the most advanced threat actors the security firm has ever seen.

Earlier versions of the malware supported Maxtor, Seagate, WD, and Samsung, but newer, upgraded modules added support for HGST, IBM, Hitachi, ExcelStor, Micron, Toshiba, OCZ, OWC, Corsair and Mushkin, so pretty much all storage devices, including SSDs, can be infected. Kaspersky does note that the firmware reprogramming appears to be extremely rare: they've only identified a few victims who were targeted by this kind of attack. The firm speculates the Equation Group reserves HDD reprogramming for the most valuable victims or for some very unusual circumstances.

The malware originates from the "Equation Group", an organisation believed to have ties with the US government, and Kaspersky claims the complexity and scale of the operation make Stuxnet seem like child's play. A 44-page report that details Kaspersky's findings can be read over here (PDF). Reuters spoke to its sources and received confirmation that the NSA is behind these attacks.

Victims of the Equation group were observed in more than 30 countries, including Iran, Russia, Syria, Afghanistan, Kazakhstan, Belgium, Somalia, Hong Kong, Libya, United Arab Emirates, Iraq, Nigeria, Ecuador, Mexico, Malaysia, United States, Sudan, Lebanon, Palestine, France, Germany, Singapore, Qatar, Pakistan, Yemen, Mali, Switzerland, Bangladesh, South Africa, Philippines, United Kingdom, India and Brazil.
Equation has been active perhaps as early as 1996, but it boosted its operations in 2008, developing several incredibly powerful cyberweapons. Kaspersky named these tools Equationdrug, Doublefantasy, Triplefantasy, Grayfish, Fanny and Equationlaser. Together, this malware suite was able to infect Windows computers, USB sticks and even hard drive firmware, letting Equation steal data from targeted computers and stay undetected for years.


All in all, Kaspersky counted more than 500 infections globally, many on important, server-type machines. However, infections have a self-destruct mechanism, meaning there may have been many more, which are now undetectable.
Equation Group map

Source: Mashable



The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba