The United States National Security Agency (NSA) embedded sophisticated spyware deep in the firmware of hard drives from top manufacturers as part of an international spying campaign that has infected thousands of computers across more than 30 countries, according to an analysis by researchers at the Russia-based cybersecurity firm Kaspersky Lab.
Stuxnet is the self-replicating computer virus (worm) reportedly responsible for destroying nearly one-fifth of Iran’s nuclear centrifuges.
While the firm did not publicly name the country suspected of being behind the international espionage campaign targeting computer hard drives, whose infections may number in the tens of thousands according to the Register, it did indicate that the campaign was closely related to the Stuxnet virus.
A second former intelligence operative confirmed to Reuters that the NSA had developed the prized technique that allowed it to conceal spyware in hard drives, but said he did not know which spying efforts in particular relied on it.
The NSA’s spokeswoman, Vanee Vines, declined to comment publicly on the matter, but she did indicate that the agency was aware of the Kaspersky report.
The antivirus company’s analysis refers to the unknown hackers as the “equation group” for their love of encryption algorithms, obfuscation, and the sophistication exhibited throughout their hacking tools. The company’s research paper (PDF) called the group “one of the most sophisticated” and “advanced” groups of hackers it has ever seen anywhere in the world.
“The equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen.”
Kaspersky’s report indicated that the spying software had been discovered deep within the firmware of hard drives from more than a dozen top manufacturers, including Western Digital, Toshiba, Seagate, Samsung, Maxtor, and IBM, among others.
The hard-drive-infecting malware is known only as nls_933w.dll. Because it resides in the drive’s firmware rather than on the disk itself, it is impossible to remove: it persists through machine wipes and re-infects the targeted systems.
Reports suggest the Equation Group had access to the hard drive firmware’s source code, but at least one manufacturer of infected hardware, Western Digital, says it had no prior knowledge of the alleged NSA spy program that infiltrated its hardware in order to spy on foreign entities.
There were over 500 infections across 42 countries documented in total by the Internet security firm.
The country with the highest recorded incidence of cyber-attacks by the Equation Group hackers is Iran, according to Kaspersky’s analysis. Next in line was Russia, followed by Pakistan, Afghanistan, India, China, Syria, and then Mali. Lower levels of infection were discovered across the United Kingdom, Mexico, Lebanon, Yemen, the United Arab Emirates, Kenya, Algeria, Qatar, and Egypt.
Using the malware in infected hard drives as a foothold, the shadowy group of world-class hackers dubbed the “equation group” can install more sophisticated spyware, including an air-gap-jumping worm known as “Fanny,” which can infect and map physically isolated networks by infecting USB sticks. But before the attackers upgrade a victimized system to more sophisticated malware, they might first use one of their tools designed for target validation, such as the “DoubleFantasy” Trojan.
In other hacking news here on Inquisitr, Kaspersky reported that bank hackers had stolen at least $300 million from banks and other financial institutions around the world in what just might be the biggest bank heist ever recorded. Also, the U.S. knew North Korea was behind the cyber-attack on Sony because the NSA had hacked North Korea first.