Online security company Kaspersky Labs spots unique hard-drive firmware hacking tool that is part of a powerful hacking group named the Equation Group.
Russian security company Kaspersky Labs uncovers yet another hacking scandal. The firm uncovered a hacker group they named Equation Group. The group has been tied to the US government by other reports. Kaspersky Labs stays clean of such statements in their detailed reports about the activity of the Equation Group.
The Equation group might be active since already 1996. The most astonishing hacking tool the group has been spotted using is based on a hard-drive firmware hack. Kaspersky Labs says that it exceeds anything they have ever seen before.
Kaspersky recovered two plugins in the Equation Group malware platform that have the ability to reprogram the firmware of hard-drives. The malware is almost invisible and very resistant. The malware survives reformatting and reinstalls of operating systems. The HDD firmware hack works with major HDD brands including Seagate, Maxtor, Western Digital, Toshiba and Samsung.
“Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware,” says Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.
The HDD firmware hacking module is apparently able to install any kind of malware to spy on its owner. Kaspersky points out that the HDD Firmware hacking tool is rarely seen. The Equation Group is reserving it likely for high profile missions.
While most malware used by the Equation Group works with Microsoft Windows, Apple OS X users should not consider themselves save. Kaspersky also spotted code that works with OS X.
To hack its victims, the Equation group has been found using an arsenal of so called implants (Trojans) including the following that have been named by Kaspersky Lab: EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish. Kaspersky thinks that there are more implants in existence.
Kaspersky identified computers in 30 countriest that have been infiltated with spying software. Most victims are located in Iran, Russia, Pakistan, Afghanistan and China.
There is still no end in revelations about how insecure the internet and computer hardware is. As soon as you connect any computer to the net it is vulnerable to attacks. The biggest problematic is that for most internet users the findings Kaspersky Labs unveiled are too complex to understand.
Share this Story
You Might Also Like
Read the Latest from I4U News