Researchers at Kaspersky Lab in Russia have recently described a previously undocumented threat actor that, by their account, has been active for many years. They call it the Equation group, a name chosen because of the group's heavy use of encryption algorithms and obfuscation in its tooling. The RC5 cipher, in particular, turns up repeatedly in malware attributed to this group.
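Why a cipher can be "visible" in a compiled binary: RC5 (and RC6, which reuses them) builds its round keys from two fixed constants, P32 = 0xB7E15163 and Q32 = 0x9E3779B9, and those constants survive compilation as immediates that an analyst can search for. The Python script below is an added example, not code from the Kaspersky report or from the group's malware: it implements RC5-32/12/16 from the published algorithm, exposes the unmixed key-schedule table that starts at P32 and steps by Q32, and scans a constructed byte buffer (standing in for an unpacked code section; the bytes are made up for this example) for those constants. The function names and the sample buffers are assumptions of this example.

```python
"""Spotting RC5 in a binary via its key-schedule constants (added example)."""
import struct
from typing import Dict, List

MASK = 0xFFFFFFFF
P32 = 0xB7E15163  # Odd((e - 2) * 2**32): the RC5/RC6 "magic" constant
Q32 = 0x9E3779B9  # Odd((phi - 1) * 2**32): also TEA/XTEA's delta, so weak on its own


def rotl(x: int, y: int) -> int:
    """Rotate the 32-bit word x left by y bits (y taken mod 32, as RC5 specifies)."""
    y &= 31
    return ((x << y) | (x >> (32 - y))) & MASK


def rotr(x: int, y: int) -> int:
    y &= 31
    return ((x >> y) | (x << (32 - y))) & MASK


def initial_s_table(rounds: int) -> List[int]:
    """Unmixed round-key table: S[0] = P32, S[i] = S[i-1] + Q32 (mod 2**32).
    This is where the constants enter and why they show up in compiled RC5 code."""
    S = [P32]
    for _ in range(1, 2 * (rounds + 1)):
        S.append((S[-1] + Q32) & MASK)
    return S


def rc5_key_schedule(key: bytes, rounds: int = 12) -> List[int]:
    """RC5-32/r/b key expansion (Rivest 1994): mix the secret key into S."""
    c = max(1, (len(key) + 3) // 4)
    L = list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\x00")))  # key as LE words
    S = initial_s_table(rounds)
    t = len(S)
    A = B = i = j = 0
    for _ in range(3 * max(t, c)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i = (i + 1) % t
        j = (j + 1) % c
    return S


def rc5_encrypt_block(S: List[int], block: bytes) -> bytes:
    """Encrypt one 8-byte block; the round count is implied by the table size."""
    rounds = len(S) // 2 - 1
    A, B = struct.unpack("<II", block)
    A, B = (A + S[0]) & MASK, (B + S[1]) & MASK
    for r in range(1, rounds + 1):
        A = (rotl(A ^ B, B) + S[2 * r]) & MASK
        B = (rotl(B ^ A, A) + S[2 * r + 1]) & MASK
    return struct.pack("<II", A, B)


def rc5_decrypt_block(S: List[int], block: bytes) -> bytes:
    rounds = len(S) // 2 - 1
    A, B = struct.unpack("<II", block)
    for r in range(rounds, 0, -1):
        B = rotr((B - S[2 * r + 1]) & MASK, A) ^ A
        A = rotr((A - S[2 * r]) & MASK, B) ^ B
    A, B = (A - S[0]) & MASK, (B - S[1]) & MASK
    return struct.pack("<II", A, B)


def find_rc5_constants(data: bytes) -> Dict[str, List[int]]:
    """Offsets of P32 / Q32 in data, in either byte order (LE for x86 immediates,
    BE for some firmware targets)."""
    hits: Dict[str, List[int]] = {"P32": [], "Q32": []}
    for name, const in (("P32", P32), ("Q32", Q32)):
        for fmt in ("<I", ">I"):
            needle = struct.pack(fmt, const)
            pos = data.find(needle)
            while pos != -1:
                hits[name].append(pos)
                pos = data.find(needle, pos + 1)
    return hits


def looks_like_rc5(data: bytes) -> bool:
    """Both constants together are the signal; Q32 alone could be TEA/XTEA."""
    hits = find_rc5_constants(data)
    return bool(hits["P32"]) and bool(hits["Q32"])


# Constructed stand-ins for an unpacked code section (made up for this example).
SAMPLE_BINARY = (
    b"\x55\x48\x89\xe5" * 4      # 16 bytes of filler "instructions"
    + struct.pack("<I", P32)     # offset 16: the P32 immediate of a key schedule
    + b"\x90" * 7
    + struct.pack("<I", Q32)     # offset 27: the Q32 immediate
    + b"\xc3"
)
CLEAN_BINARY = b"\x55\x48\x89\xe5" * 8

if __name__ == "__main__":
    S = rc5_key_schedule(b"\x00" * 16)
    ct = rc5_encrypt_block(S, b"\x00" * 8)
    print("zero-key ciphertext:", ct.hex(), "round trip:", rc5_decrypt_block(S, ct) == b"\x00" * 8)
    print("sample:", find_rc5_constants(SAMPLE_BINARY), "rc5?", looks_like_rc5(SAMPLE_BINARY))
    print("clean:", find_rc5_constants(CLEAN_BINARY), "rc5?", looks_like_rc5(CLEAN_BINARY))
```

The caveat matters in practice: 0x9E3779B9 is the golden-ratio constant and also TEA/XTEA's round delta, so a hit on Q32 by itself says little, while P32 next to it is a strong sign of an RC5 or RC6 key schedule. Compilers may also fold the constants into computed values or load them from a data section, so a scan like this is a first pass, not proof; confirming the cipher means locating the key schedule loop and checking that its S table starts from these values.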
Kaspersky traces the Equation group's computer network exploitation operations back to at least 2001, and the researchers consider it likely that the group was already active in 1996. The list of victims is long: according to the researchers, victims have been identified in more than 30 countries, including Iran, Russia, Syria, Afghanistan, Palestine, Switzerland, Germany, India and Brazil. They fall into the following categories: governments and diplomatic institutions, telecommunications, aerospace, energy, nuclear research, nanotechnology, transportation, mass media and financial institutions. Kaspersky's experts say that further victim categories can probably be distinguished; what is certain is that most victims have no idea that their systems are infected.
What sets the Equation group apart is the depth of its toolset, built up over many years. Kaspersky has identified several malware platforms: EQUATIONDRUG (a complex attack platform), DOUBLEFANTASY (a validator-style Trojan that checks whether a victim is of interest before a heavier implant is deployed), TRIPLEFANTASY (a backdoor), GRAYFISH (the most sophisticated platform), FANNY (a worm used to gather information), EQUATIONLASER (an early implant) and EQUESTRE (which behaves like EQUATIONDRUG). The group also uses a range of exploits, including a Windows kernel exploit, the LNK vulnerability, and Java and Internet Explorer vulnerabilities. The most striking finding, however, is that the group can reprogram hard drive firmware: one of its modules reflashes the firmware of drives from manufacturers such as Maxtor, Seagate, Western Digital and Samsung, giving the implant a foothold below the operating system. The group's capabilities do not end there; it is also able to retrieve data from isolated (air-gapped) networks.
The Equation group does not rely on powerful tools alone; it also uses espionage tradecraft to get its malware onto a target's machine, so web-based exploits are not the only infection vector. In one documented case, a target received a CD-ROM with conference materials and, on using it, unknowingly installed DOUBLEFANTASY. In other words, the group operates in the physical world as well. Kaspersky's specialists say they had never seen this before, which underlines how unusual the group is.
The group's malware targets mainly Microsoft Windows, but researchers believe Mac OS X systems are at risk as well. The researchers also found that the group used some of the same exploits that later appeared in Stuxnet, the worm used to attack programmable logic controllers (PLCs). Its infrastructure is also extensive: the group controls more than 300 domains and more than 100 servers and uses them in its operations.
If a hard drive has been infected with the group's firmware implant, removing it is practically impossible: the implant lives in the drive's own firmware, so formatting the drive and reinstalling the operating system do not touch it. This also means that victims may never learn they are infected, which in turn means that even well-protected computers, including those belonging to governments and other institutions, can be compromised and have confidential data stolen from them.
Even though protecting a system against an adversary of the Equation group's class is practically impossible for an ordinary user, you can still keep the far more common malicious applications that spread via the web out of your system. To do that, install an anti-malware tool such as SpyHunter on your computer. Bear in mind that some infections are able to bypass security software, so staying cautious while browsing remains essential.