NSA APT? – “THE EQUATION GROUP”

Kaspersky Lab uncovers online spy tools with potential NSA connections

– [youtube.com]

Equation Group: The Crown Creator of Cyber-Espionage – [kaspersky.com]

For several years, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been closely monitoring more than 60 advanced threat actors responsible for cyber-attacks worldwide. The team has seen nearly everything, with attacks becoming increasingly complex as more nation-states got involved and tried to arm themselves with the most advanced tools. However, only now Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group.

EQUATION GROUP: QUESTIONS AND ANSWERS – [securelist.com]

1. What is the Equation group?
The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. The Equation group uses multiple malware platforms, some of which surpass the well-known “Regin” threat in complexity and sophistication. The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen.

‘Equation Group’ hackers attacked 30+ nations with NSA-style tech – [rt.com]

Russian security experts say that an advanced persistent threat team has infected thousands of computers in more than 30 countries using tools and tactics not unlike what’s already been attributed to the National Security Agency.

Kaspersky Labs of Moscow declined to specifically implicate the United States and its spy office in a report published by the security firm on Monday this week. The researchers, however, say that it’s been monitoring a group of computer hackers that have waged attacks since 2001 and that share similarities with operations of the NSA.

The team of malicious actors is dubbed the “Equation Group” in this week’s Kaspersky report, and the Russian researchers say its participants have waged cyber-attacks against government entities, military institutions, telecommunication firms and the energy sector, among others, pertaining to nations including Russia, Afghanistan, Pakistan, Syria and dozens more.

Shopping for Spy Gear: Catalog Advertises NSA Toolbox – [spiegel.de]

After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

When it comes to modern firewalls for corporate computer networks, the world’s second largest network equipment manufacturer doesn’t skimp on praising its own work. According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.

Specialists at the intelligence organization succeeded years ago in penetrating the company’s digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.

A 50-Page Catalog

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last – [arstechnica.com]

In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn’t know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn’t the first time the operators—dubbed the “Equation Group” by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group’s extensive library. (Kaspersky settled on the name Equation Group because of members’ strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list. Because of a self-destruct mechanism built into the malware, the researchers suspect that this is just a tiny percentage of the total; the actual number of victims likely reaches into the tens of thousands.

Comments are closed.