Submitted by Tyler Durden on 02/16/2015 19:41 -0500
Since 2001, a group of hackers – dubbed the “Equation Group” by researchers from Moscow-based Kaspersky Lab – have infected computers in at least 42 countries (with Iran, Russia, Pakistan, Afghanistan, India, and Syria most infected) with what Ars Technica calls “superhuman technical feats” indicating “extraordinary skill and unlimited resources.”
The exploits – including the ‘prized technique’ of the creation of a secret storage vault that survives military-grade disk wiping and reformatting – cover every hard-drive manufacturer and have many similar characteristics to the infamous NSA-led Stuxnet virus.
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.
Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.
“The hardware will be able to infect the computer over and over,” lead Kaspersky researcher Costin Raiu said in an interview.
…
Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kasperky said.
Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as “zero days,” which strongly suggested collaboration by the authors, Raiu said. He added that it was “quite possible” that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.
