Russian researchers expose embedded spying software in computer hard drives


A new report from Kaspersky Lab has found a suite of surveillance platforms that can hide spying software embedded deep within hard drives made by leading manufacturers. The attackers, dubbed Equation Group, are the most advanced that the researchers have encountered to date.

Kaspersky said it found personal computers in at least 30 different countries carrying this spy software. What’s more concerning is that these systems and hard drives were out in the public and didn’t have any direct ties to government officials.

Countries hit the most by Equation include Iran, followed by Russia, Pakistan, Afghanistan, India, China, Mali, Syria, Yemen and Algeria. Targets in those countries included the military and government institutions, embassies, research institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic scholars, Kaspersky said.

Though researchers didn’t publicly name the country behind the spying campaign, there’s a good bit of circumstantial evidence that points to the NSA. It was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran’s uranium enrichment facility, which means that the spyware is being placed by the Government of the United States of America.

“There are solid links indicating that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators–generally from a position of superiority. The Equation group had access to zero-days before they were used by Stuxnet and Flame, and at some point they shared exploits with others,” the Kaspersky report says.

Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, providing a level of persistence that helps it survive disk formatting and OS reinstallation. The spyware reprograms the hard drive’s firmware, thereby creating hidden sectors on the drive that can only be accessed via a secret API (application programming interface). Kaspersky notes that the malware is impossible to remove once it is installed.

In most hard drives there are functions to write into the hardware firmware area, but there are no features to read it back, which makes it difficult to detect hard drives that have been infected by this malware, said Costin Raiu, director of the Global Research and Analysis Team at Kaspersky.

Kaspersky claims that the attackers used other methods to infect targets when hard drives were not affected. It is claimed that the group intercepted physical goods and replaced them with Trojanized versions. In another instance, participants of a scientific conference were delivered conference materials on a CD-ROM, which was later used to install the group’s DoubleFantasy implant on the target’s machine.

Carrie Ann
Carrie Ann is Editor-in-Chief at Industry Leaders Magazine, based in Las Vegas.