Kaspersky Uncovers The Most Sophisticated Malware

Posted: Feb 17 2015, 2:25am CST | Updated: Feb 17 2015, 2:28am CST, in News | Technology News



Online security company Kaspersky Labs spots a unique hard-drive firmware hacking tool that is part of the arsenal of a powerful hacking group named the Equation Group.

Russian security company Kaspersky Labs has uncovered yet another hacking scandal. The firm uncovered a hacker group it named the Equation Group. The group has been tied to the US government by other reports. Kaspersky Labs steers clear of such statements in its detailed reports about the activity of the Equation Group.

The Equation Group may have been active since as early as 1996. The most astonishing hacking tool the group has been spotted using is based on a hard-drive firmware hack. Kaspersky Labs says that it exceeds anything they have ever seen before.

Kaspersky recovered two plugins in the Equation Group malware platform that have the ability to reprogram the firmware of hard-drives. The malware is almost invisible and very resistant. The malware survives reformatting and reinstalls of operating systems. The HDD firmware hack works with major HDD brands including Seagate, Maxtor, Western Digital, Toshiba and Samsung.

"Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware," says Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.

The HDD firmware hacking module is apparently able to install any kind of malware to spy on its owner. Kaspersky points out that the HDD firmware hacking tool is rarely seen. The Equation Group is likely reserving it for high-profile missions.

While most malware used by the Equation Group works with Microsoft Windows, Apple OS X users should not consider themselves safe. Kaspersky also spotted code that works with OS X.

To hack its victims, the Equation Group has been found using an arsenal of so-called implants (Trojans), including the following that have been named by Kaspersky Lab: EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish. Kaspersky thinks that there are more implants in existence.

Kaspersky identified computers in 30 countries that have been infiltrated with spying software. Most victims are located in Iran, Russia, Pakistan, Afghanistan and China.

There is still no end to the revelations about how insecure the internet and computer hardware are. As soon as you connect any computer to the net, it is vulnerable to attacks. The biggest problem is that for most internet users the findings Kaspersky Labs unveiled are too complex to understand.


Equation by GReAT

Equation Group Overview

Equation Group FAQ (pdf)

The Author

Luigi Lugmayr
Luigi Lugmayr is the founding chief editor of I4U News and brings over 15 years of experience in the technology field to the ever-evolving and exciting world of gadgets. He started I4U News back in 2000 and evolved it into a vibrant technology magazine.
Luigi can be contacted directly at ml@i4u.com.



