However, only now Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group.
This is from the opening paragraph of a paper published by Kaspersky Labs, a Russian company that produces security software for home and business use. It sounds like something out of the next mediocre hacker film, yet the paper published delivers a pretty in-depth look at what tactics nations have been using to spy on computer users.
Specifically the tactics linked to Stuxnet, an NSA cyber weapon used to monitor Iran’s nuclear program. Kaspersky stopped short of actually naming the nations responsible for this new intrusion, but links info to tools and programs which have been evolving since 2001 and utilized by the NSA.
To over simplify, this new attack is able to reprogram the firmware built in to mass storage devices like hard drives. Once inside the firmware, it doesn’t matter if a target reformats the drive as it’s inside the software used to control the drive.
From there a tiny invisible partition is created to store and transmit information back to the attackers. This partition can be used to transfer individual files, or be used to help crack a computer’s encryption.
According to Kaspersky, pretty much all major drives from companies like Western Digital, Seagate, and more are affected. Targets appear to be international, as drives with infected firmware have been found in government and military systems, telecommunications companies, banks, and energy companies.