Tuesday, 17 February 2015
The King of Espionage Malware Revealed: The Equation Group

Kaspersky Lab left the wintry grip of its Moscow headquarters behind to hold its Security Analyst Summit in sunny Cancun, Mexico. Kaspersky had already made it a torrid conference with disclosures last weekend of an estimated $1 billion stolen from about 100 banks by a network of hackers. CNN reported what the Kaspersky report revealed:

…hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft.

Yesterday, at the Summit, Kaspersky dropped another cyber-security bombshell: a family of super-malware and the threat actor behind it, billed as "The Crown Creator of Cyber-Espionage", the Equation Group.

Equation Group Connections to Malware Stuxnet, Flame and Duqu

Source: Kaspersky

Consider it the granddaddy of zero-day malware: its activity starts earlier than Stuxnet and the related Duqu, Flame and Gauss families. Kaspersky dramatically announced:

The team has seen nearly everything, with attacks becoming increasingly complex as more nation-states got involved and tried to arm themselves with the most advanced tools. However, only now can Kaspersky Lab's experts confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades: The Equation Group.

The group's malware uses tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and it utilizes classic spying techniques to deliver malicious payloads to the victims.

To infect their victims, the group uses a powerful arsenal of "implants" (Trojans) including the following that have been named by Kaspersky Lab: EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish. Without a doubt there will be other "implants" in existence.

According to Kaspersky, what makes the Equation Group dangerous is:

Ultimate persistence and invisibility: the ability to reprogram the firmware of hard drives from more than a dozen manufacturers, so that the implant survives disk reformatting and operating-system reinstallation and sits where conventional anti-virus scanning cannot reach it;

The ability to retrieve data from isolated, air-gapped networks: the Fanny worm maps such networks and ferries commands and stolen data in and out on infected USB memory sticks; and

Classic spying methods to deliver malware, both over the internet and by physical means.

According to Kaspersky, the Equation Group runs a powerful, geographically distributed command-and-control infrastructure of more than 300 web domains and over 100 servers located in the US, UK, Italy, Germany, the Netherlands, Panama, Costa Rica, Malaysia, Colombia and the Czech Republic. Since 2001 it has infected thousands, perhaps tens of thousands, of "high profile victims" in over 30 countries. Examples include: "Government and diplomatic institutions, Telecommunications, Aerospace, Energy, Nuclear research, Oil and Gas, Military, Nanotechnology, Islamic activists and scholars, Mass media, Transportation, Financial institutions and companies developing encryption technologies."

Kaspersky has observed the Equation Group using a number of zero-day exploits, for example against Firefox and the Tor Browser. It notes the prowess of its own detection technology with this comment:

Automatic Exploit Prevention technology which generically detects and blocks exploitation of unknown vulnerabilities. The Fanny worm, presumably compiled in July 2008, was first detected and blacklisted by our automatic systems in December 2008.

A Fox News report gave further examples of the power of this "sneakiest" of malware:

Kaspersky’s researchers say that the Equation group uses a hacking tool called “GROK.” That is a tool exclusively used by the NSA’s elite cyber-warfare unit, Tailored Access Operations, according to classified NSA documents released by former contractor Edward Snowden last year.

Kaspersky says the Equation group also appears to have ties to Stuxnet, the computer worm that sabotaged Iran’s nuclear enrichment program in 2010 and was later revealed to be a joint U.S.-Israeli project.

The origins of the Equation Group's malware stretch back nearly 20 years:

Kaspersky research director Costin Raiu said the Equation Group hacked into hospitals in China; banks and aerospace companies in Iran; energy companies and government offices in Pakistan; and universities, military facilities and rocket science research institutions in Russia.

They attacked Iran the most, researchers said.

The Equation group also spied on Muslim scholars in the United States and the United Kingdom, Raiu said. It emerged last year that the NSA and FBI have been monitoring the emails of prominent Muslim-American lawyers and activists.

The group monitored keystrokes and stole documents from computers. In one instance in the Middle East, the hackers programmed the malware to specifically look for oil-related shipping contracts and inventory price lists.

Malware attacked Windows computers, Macs and even iPhones.

Unlike other hackers, however, the Equation Group wasn’t interested in destroying computers or wiping them clean, the way North Koreans hurt Sony last year.

“They’re interested in long-term intelligence gathering,” Raiu said.

[How far back does this go?] Kaspersky researchers say the Equation group built some of its earliest malware in 2002, but the computer infrastructure used to spread the group’s computer viruses dates back to 1996.

Their ability to stay quiet this long goes to show how talented they are, the Kaspersky report noted.

As the Kaspersky report suggests, the Equation Group could be a co-development of state sponsors. Given its connections to the Stuxnet and Flame/Duqu groups, it may well be a joint project of the US and Israel. For a useful understanding of how malware is developed and detected, read the free eBook Stopping Zero Day Exploits for Dummies. Also read the fascinating chronicle of the discovery of Stuxnet by a researcher at a small Belarusian anti-virus firm and by international cyber sleuths from anti-virus firms like Kaspersky and others in Countdown to Zero Day by Wired cybersecurity writer Kim Zetter.

Posted on 02/17/2015 7:09 PM by Jerry Gordon