Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

NSA: No Comment on Powerful Cyber Spy Tool Detailed By Kaspersky Lab

Powerful Cyber Spy Tool Linked to US-led Effort

A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.

Powerful Cyber Spy Tool Linked to US-led Effort

A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.

A report released Monday by the Russia security firm Kaspersky Lab did not identify the source of the campaign but said it had similarities to Stuxnet, a cyberweapon widely believed to have been developed by the United States and Israel to thwart Iran’s nuclear program.

Kaspersky said the campaign “surpasses anything known in complexity and sophistication” in terms of cyber spying, and had been used at least as far back as 2001 by a team dubbed “the Equation group.”

“The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen,” the report said.

The spying relied on a computer worm Kaspersky dubbed “Fanny,” often infecting a computer via a USB stick, and carried out at least two “exploits” to steal information from computers in the Middle East and Asia, the report said.

The evidence shows Equation and Stuxnet developers “are either the same or working closely together,” the researchers said.

No comment: NSA

Advertisement. Scroll to continue reading.

The US National Security Agency, which has led a vast global surveillance effort as part of its anti-terror mission, declined to comment on any involvement in the program.

“We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details,” NSA spokeswoman Vanee Vines said in an email to AFP.

Sean Sullivan at the Finnish security firm F-Secure said the Kaspersky report appears to point to an NSA division known as ANT, the subject of a 2013 report about backdoors in technology products.

‘Kaspersky’s research paper refers to a threat actor called the ‘Equation group’ whose country of origin is not named, but the group has exactly the capabilities detailed by the NSA’s ANT catalog,” Sullivan said in a blog post Tuesday.

The campaign was able to infect “about 2,000 users per month” with victims in at least 30 countries, the report said. The most infections were found in Iran, Russia, Pakistan and Afghanistan.

Other countries where infections were found included Syria, Kazakhstan, Belgium, Somalia, Libya, France, Yemen, Britain, Switzerland, India and Brazil.

A unique element of this campaign was its ability to install malware in computer hard drives made by major manufacturers including Western Digital, Seagate, Samsung and Maxtor, according to the researchers.

The spyware was placed in “a set of hidden sectors (or data storage) of the hard drive,” which remain in place even after a disk is reformatted or an operating system reinstalled, Kaspersky said.

Kaspersky researcher Serge Malenkovich said by implanting malware into hard drive “firmware,” it becomes “invisible and almost indestructible.”

“This is one of the long-anticipated scary stories in computer security — an incurable virus that persists in computer hardware forever was considered an urban legend for decades,” he said in a blog post.

But because this scheme is complicated to execute, he noted that “even the Equation group itself probably only used it a few times.”

Infected CDs

Kaspersky’s researchers said in a blog post that the malware was also inserted in CDs from a 2009 scientific conference, potentially exposing the computers of dozens of international scientists.

“It is not known when the Equation group began their ascent. Some of the earliest malware samples we have seen were compiled in 2002; however, their C&C (command and control) was registered in August 2001,” the researchers said.

“Other C&Cs used by the Equation group appear to have been registered as early as 1996, which could indicate this group has been active for almost two decades.”

US officials have not commented on Stuxnet, but researchers including those at Kaspersky have said the virus — believed to have been developed by the United States or Israel to contain threats from Iran — dates back at least to 2007.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.