Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

NSA: No Comment on Powerful Cyber Spy Tool Detailed By Kaspersky Lab

Powerful Cyber Spy Tool Linked to US-led Effort

A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.

Powerful Cyber Spy Tool Linked to US-led Effort

A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.

A report released Monday by the Russia security firm Kaspersky Lab did not identify the source of the campaign but said it had similarities to Stuxnet, a cyberweapon widely believed to have been developed by the United States and Israel to thwart Iran’s nuclear program.

Kaspersky said the campaign “surpasses anything known in complexity and sophistication” in terms of cyber spying, and had been used at least as far back as 2001 by a team dubbed “the Equation group.”

“The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen,” the report said.

The spying relied on a computer worm Kaspersky dubbed “Fanny,” often infecting a computer via a USB stick, and carried out at least two “exploits” to steal information from computers in the Middle East and Asia, the report said.

The evidence shows Equation and Stuxnet developers “are either the same or working closely together,” the researchers said.

No comment: NSA

The US National Security Agency, which has led a vast global surveillance effort as part of its anti-terror mission, declined to comment on any involvement in the program.

“We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details,” NSA spokeswoman Vanee Vines said in an email to AFP.

Sean Sullivan at the Finnish security firm F-Secure said the Kaspersky report appears to point to an NSA division known as ANT, the subject of a 2013 report about backdoors in technology products.

‘Kaspersky’s research paper refers to a threat actor called the ‘Equation group’ whose country of origin is not named, but the group has exactly the capabilities detailed by the NSA’s ANT catalog,” Sullivan said in a blog post Tuesday.

The campaign was able to infect “about 2,000 users per month” with victims in at least 30 countries, the report said. The most infections were found in Iran, Russia, Pakistan and Afghanistan.

Other countries where infections were found included Syria, Kazakhstan, Belgium, Somalia, Libya, France, Yemen, Britain, Switzerland, India and Brazil.

A unique element of this campaign was its ability to install malware in computer hard drives made by major manufacturers including Western Digital, Seagate, Samsung and Maxtor, according to the researchers.

The spyware was placed in “a set of hidden sectors (or data storage) of the hard drive,” which remain in place even after a disk is reformatted or an operating system reinstalled, Kaspersky said.

Kaspersky researcher Serge Malenkovich said by implanting malware into hard drive “firmware,” it becomes “invisible and almost indestructible.”

“This is one of the long-anticipated scary stories in computer security — an incurable virus that persists in computer hardware forever was considered an urban legend for decades,” he said in a blog post.

But because this scheme is complicated to execute, he noted that “even the Equation group itself probably only used it a few times.”

Infected CDs

Kaspersky’s researchers said in a blog post that the malware was also inserted in CDs from a 2009 scientific conference, potentially exposing the computers of dozens of international scientists.

“It is not known when the Equation group began their ascent. Some of the earliest malware samples we have seen were compiled in 2002; however, their C&C (command and control) was registered in August 2001,” the researchers said.

“Other C&Cs used by the Equation group appear to have been registered as early as 1996, which could indicate this group has been active for almost two decades.”

US officials have not commented on Stuxnet, but researchers including those at Kaspersky have said the virus — believed to have been developed by the United States or Israel to contain threats from Iran — dates back at least to 2007.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.