NSA malware found hiding in hard drives for almost 20 years

Ironman

In the zone
Bad news, geeks. Someone out there figured out how to hide persistent, invisible espionage malware inside the firmware of your hard drives. Now it’s been discovered that they’ve been using it to spy on targets for nearly 20 years.

This particular piece of malware is delivered via modified hard drive firmware, and Kaspersky says that it’s compatible with nearly all major hard drive brands: Seagate, Western Digital, Samsung, you name it. Once it’s there, it’s nearly impossible to get rid of or even detect. Since it’s not taking up space on the hard drive’s platters, it can easily re-infect a system even after a drive has been fully formatted.

There’s another extremely sophisticated aspect about this threat. Kaspersky found that one of its goals was to compromise and map out air-gapped systems and networks. Doing that required not just the firmware-resident malware, but a companion tool that was delivered via an infected USB drive (that’s how a cosmonaut ended up infecting the ISS). The compromised drive was used to pass on commands and gather information, with the intelligence uploaded later when it was plugged back into another computer infected with another piece of malware.

Malware this advanced isn’t meant for computers like yours and mine (at least that’s what we’re hoping, right?). Kaspersky’s list of targets won’t surprise you: government and military institutions, telecom and energy companies, nuclear research facilities, oil companies, encryption software developers, media outlets, Islamic groups. Evidence of Equation attacks goes back to at least 2001.

Kaspersky’s blog post is quite detailed, though one thing you’ll notice missing is any finger-pointing. It seems like a no-brainer that the so-called Equation group must be led by whoever was behind the development of Stuxnet. Kaspersky connects the dots by stating that this malware utilized two previously unknown exploits that were later used in Stuxnet, and we’ve already been shown some pretty strong evidence implicating the U.S. there.

Kaspersky Labs also says that the “Equation Group,” the actors behind this particular malware, are unique among the five dozen groups they’ve been watching develop advanced threats over the years. The tools they develop are incredibly complex and costly to develop and the malware “retrieve data and hide activity in an outstandingly professional way.”

[Source: Geek.com]
 

Vyom

The Power of x480
Staff member
Admin
Sick of this malware thing. :X

How are antivirus companies planning to remove the malware from "firmware"! And are hard drive brands like WD, Seagate responsible for 'allowing' it to get into the firmware?
 

amjath

Human Spambot
Sick of this malware thing. :X

How are antivirus companies planning to remove the malware from "firmware"! And are hard drive brands like WD, Seagate responsible for 'allowing' it to get into the firmware?

They must be in the hands of NSA
 