Equation cybercrime group has no equal in scale and efficiency

Kaspersky Lab has uncovered the strongest player currently active in the world of cyber-espionage: a criminal group called Equation Group. The group is responsible for planting malware in the firmware of storage devices from well-known manufacturers, an attack that caused a lot of noise and that we have already reported on.

The investigation conducted by Kaspersky Lab showed that Equation Group has been operating for nearly twenty years. The group's actions have affected thousands or even tens of thousands of users worldwide.

Equation Group's infrastructure includes more than 300 domains and 100 command-and-control servers located in different countries, in particular the US, UK, Italy, Germany, the Netherlands, Panama, Costa Rica, Malaysia, Colombia and the Czech Republic. In the scope and effectiveness of its tools, Equation Group surpasses all criminal cyber campaigns known today.

For example, Equation Group's arsenal contains many cunning malicious tools. One of them is the aforementioned tool that attacks hard drive firmware, which cannot be gotten rid of even by formatting the drive.

In addition, Equation Group uses the Fanny worm, which can retrieve data from a computer even if it is disconnected from the Internet. To do this, the attackers use an infected computer to place the worm on a USB stick, and the malware, in turn, creates a hidden sector on the removable media in which it collects all the information about the architecture of the isolated network. When the stick comes into contact with a computer connected to the Internet, the worm transfers all the data from the USB drive to an Equation Group server. The attackers can also add commands to the same hidden sector, and the worm will execute them the next time the stick comes into contact with the isolated machine.

At the infection stage, Equation Group may use up to ten exploits. The researchers also found that Equation Group works closely with other cybercriminal groups, in particular the organizers of the Stuxnet and Flame cyber attacks. The largest number of the group's victims was recorded in Russia and Iran.

Updated: February 18, 2015. Author: Jonathan Davis