Super-sneaky malware found in companies worldwide
That’s according to a report Monday by Internet security company Kaspersky, which described a hacking campaign “that exceeds anything we have ever seen before.” The mysterious group, which researchers nicknamed “the Equation group,” uses malware that’s unusually quiet, complex and powerful.
And in some cases, it planted spyware on computers’ firmware, the programming that lives permanently on hardware. It’s an unheard-of move that means the malware can avoid detection by antivirus software. Even reinstalling a computer’s operating system or reformatting the hard disk won’t fix the problem.
If you’ve got this, you might as well throw your computer away.
What’s even more interesting is that Kaspersky’s researchers say that the Equation group uses a hacking tool called “GROK.” That’s a tool used exclusively by the NSA’s elite cyber-warfare unit, Tailored Access Operations, according to classified NSA documents released by former contractor Edward Snowden last year.
Kaspersky says the Equation group also appears to have ties to Stuxnet, the computer worm that sabotaged Iran’s nuclear enrichment program in 2010 and was later revealed to be a joint U.S.-Israeli project.
The NSA declined to comment specifically on the Kaspersky report. But the agency noted that its efforts are focused on foiling terrorist plots from al-Qaeda and ISIS, stemming the flow of weapons of mass destruction and blocking aggression from foreign rivals.
“The U.S. government calls on our intelligence agencies to protect the United States, its citizens, and its allies,” NSA said in a statement to CNN.
The Kaspersky report is the latest to depict a world engaged in constant cyber espionage. In the past, security firms have noted how Chinese hacker spies take business plans from power plants. Russian hackers break into oil and gas companies.
Kaspersky research director Costin Raiu said the Equation group hacked into hospitals in China; banks and aerospace companies in Iran; energy companies and government offices in Pakistan; and universities, military facilities and rocket science research institutions in Russia.
They attacked Iran the most, researchers said.
The Equation group also spied on Muslim scholars in the United States and the United Kingdom, Raiu said. It emerged last year that the NSA and FBI have been monitoring the emails of prominent Muslim-American lawyers and activists.
The group monitored keystrokes and stole documents from computers. In one instance in the Middle East, the hackers programmed the malware to specifically look for oil-related shipping contracts and inventory price lists.
The malware attacked Windows computers, Macs and even iPhones.
Unlike other hackers, however, the Equation group wasn’t interested in destroying computers or wiping them clean, the way North Koreans hurt Sony last year.
“They’re interested in long-term intelligence gathering,” Raiu said.
How far back does this go? Kaspersky researchers say the Equation group built some of its earliest malware in 2002, but the computer infrastructure used to spread the group’s computer viruses dates back to 1996.
Their ability to stay quiet this long goes to show how talented they are, the Kaspersky report noted.