Russia’s cybersecurity company Kaspersky Lab announced that it has uncovered the most advanced hacker group in history. According to its engineers, the group may be associated with the US National Security Agency (NSA) and has been active for at least 14 years.

Kaspersky has named the hackers the Equation Group, and the company has documented 500 attacks in 42 countries. The malicious code they use has a function to erase itself after a certain period of time, which makes it very difficult to detect and track. The company believes the documented cases are only a small part of the real number, which it estimates at thousands, even tens of thousands, of intrusions. The most frequent targets of the group are computers in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali.

Hijacking the software

To spread their viruses, the hackers have used traditional methods. According to the Reuters agency, they were able to embed the virus in hard drives from Seagate, Toshiba, Western Digital, Hitachi and other leading manufacturers. The viruses are deployed in the drives’ system software (the firmware), so they reappear even after the drive is formatted. The agency even claims that a former NSA employee confirmed the veracity of Kaspersky’s allegations. It remains unclear how the hackers managed to introduce viruses at such a low system level. Raiu suggests that they somehow obtained the source code of the devices and used it to study their weak points.

Among the methods is the “interception” of mail containing CDs with software and documents. The hackers added viruses to disks that were then used by their unsuspecting recipients. Kaspersky learned of such a case in 2009, when a disc containing information from a scientific conference in Houston was “captured” in transit through the mail and infected with the DoubleFantasy virus. In a similar way, the installation disc of the software Oracle 8i-8.1.7 for Windows was infected, although that happened six to seven years earlier. According to Kaspersky, this practice has been used very rarely because of its complexity.

The hackers preferred infecting computers over the Internet and via USB drives. Among their most frequent targets were the Java platform and Microsoft’s Internet Explorer browser. The group relied on planting viruses on unsuspecting websites, from which they then spread. The web portals covered a variety of topics, from reviews of technology products to discussions about Islamism. Kaspersky’s experts report that the group’s activities frequently stood out for their surgical precision in ensuring that only the desired target was infected. The viruses embed concrete criteria for exactly which devices may be attacked.

The viruses developed by the Equation Group were very diverse. They also used methods that make malicious code invisible to antivirus software, for example hiding files in different parts of the Windows registry. Among the viruses was reconnaissance software for “mapping” isolated networks. It relied on a USB memory device being connected first to a computer in the isolated network and then to a computer with an Internet connection. In this way the hackers were able to understand the internal infrastructure of companies, research institutions and governments. A third malicious code has the ability to recognize an iPhone and select the appropriate malware for it. Kaspersky’s engineers believe the group also has viruses for Mac, but failed to find them.

Heirs of Stuxnet

According to Kaspersky, the Equation Group is the most advanced hacker group, with the knowledge and resources to compete with the creators of Stuxnet, the virus that gained fame as the first cyber weapon (it sabotaged Iran’s nuclear program), and its successor Flame. Costin Raiu, director of Kaspersky’s research and analysis team, said he believes the Equation Group first obtains or creates malware and then passes it on to other groups, which modify and deploy it. “The Equation Group are definitely the leaders. They give other hackers crumbs, and occasionally give them additional things to embed in Stuxnet and Flame,” commented Raiu. The company does not state directly that the group is linked to the NSA, but it hints at this in its official report.

The Equation Group and the NSA use the same software for recording keystrokes. It is called Grok and was revealed as an NSA tool last year by the online publication The Intercept. Kaspersky found it among the Equation Group’s tools. Other malicious codes also have similar names and a similar naming structure. Furthermore, the Equation Group was the first to use security holes that were later integrated into Stuxnet, the company said.

Hacker errors

But even the best hackers are not faultless, adds Raiu. The group made several serious mistakes that allowed Kaspersky to understand how its organization works. The company first learned of the hackers in March 2014 while investigating the Regin virus, which was considered one of the most technologically developed. It discovered a module, EquationDrug, which was unprecedented. This module was used as a reference point for comparison against the database of problem reports from various clients.

Various modifications and viruses with a similar structure were found, as well as the domains used as control channels, more than 300 of them. It turned out that the hackers had failed to renew the registration of 20 domains. Kaspersky’s experts used these domains to trace the connections that infected computers made to the Equation Group’s domains. Thus it was discovered that there are still computers infected with the EquationLaser virus, which the hackers have not really used since 2003. The Equation Group seems to have understood what was happening, because 90% of the channels were closed last year. However, the time was enough for Kaspersky to study the group. This information, together with the similarities and shared modules in Stuxnet and Flame, gave Kaspersky an even better idea of the Equation Group’s capabilities. The engineers even identified the folder in which some of the viruses were compiled on one of the hackers’ computers. These and other digital fingerprints indicate the Equation Group’s high level of expertise and suggest that the group has virtually unlimited resources to develop its projects, the experts say.

The NSA later issued a statement declining to comment on “any allegations that the report raises, as well as any details.” As grounds for its decision, the agency cited a directive issued by President Barack Obama last year, which sets a higher standard for the protection of individuals, limits data collection, and provides for not commenting on the practices of intelligence institutions.