Connect with us

Hi, what are you looking for?


Powerful cyber spy tool linked to US-led effort

Cyber tools

A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.

A report released Monday by the Russia security firm Kaspersky Lab did not identify the source of the campaign but said it had similarities to Stuxnet, a cyberweapon widely believed to have been developed by the United States and Israel to thwart Iran’s nuclear program.

Kaspersky said the campaign “surpasses anything known in complexity and sophistication” in terms of cyber spying, and had been used at least as far back as 2001 by a team dubbed “the Equation group.”

“The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen,” the report said.

The spying relied on a computer worm Kaspersky dubbed “Fanny,” often infecting a computer via a USB stick, and carried out at least two “exploits” to steal information from computers in the Middle East and Asia, the report said.

The evidence shows Equation and Stuxnet developers “are either the same or working closely together,” the researchers said.

No comment: NSA

The US National Security Agency, which has led a vast global surveillance effort as part of its anti-terror mission, declined to comment on any involvement in the program.

“We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details,” NSA spokeswoman Vanee Vines said in an email to AFP.

Advertisement. Scroll to continue reading.

Sean Sullivan at the Finnish security firm F-Secure said the Kaspersky report appears to point to an NSA division known as ANT, the subject of a 2013 report about backdoors in technology products.

‘Kaspersky’s research paper refers to a threat actor called the ‘Equation group’ whose country of origin is not named, but the group has exactly the capabilities detailed by the NSA’s ANT catalog,” Sullivan said in a blog post Tuesday.

The campaign was able to infect “about 2,000 users per month” with victims in at least 30 countries, the report said. The most infections were found in Iran, Russia, Pakistan and Afghanistan.

Other countries where infections were found included Syria, Kazakhstan, Belgium, Somalia, Libya, France, Yemen, Britain, Switzerland, India and Brazil.

A unique element of this campaign was its ability to install malware in computer hard drives made by major manufacturers including Western Digital, Seagate, Samsung and Maxtor, according to the researchers.

The spyware was placed in “a set of hidden sectors (or data storage) of the hard drive,” which remain in place even after a disk is reformatted or an operating system reinstalled, Kaspersky said.

Kaspersky researcher Serge Malenkovich said by implanting malware into hard drive “firmware,” it becomes “invisible and almost indestructible.”

“This is one of the long-anticipated scary stories in computer security — an incurable virus that persists in computer hardware forever was considered an urban legend for decades,” he said in a blog post.

But because this scheme is complicated to execute, he noted that “even the Equation group itself probably only used it a few times.”

Advertisement. Scroll to continue reading.

Infected CDs 

Kaspersky’s researchers said in a blog post that the malware was also inserted in CDs from a 2009 scientific conference, potentially exposing the computers of dozens of international scientists.

“It is not known when the Equation group began their ascent. Some of the earliest malware samples we have seen were compiled in 2002; however, their C&C (command and control) was registered in August 2001,” the researchers said.

“Other C&Cs used by the Equation group appear to have been registered as early as 1996, which could indicate this group has been active for almost two decades.”

US officials have not commented on Stuxnet, but researchers including those at Kaspersky have said the virus — believed to have been developed by the United States or Israel to contain threats from Iran — dates back at least to 2007.

by Rob Lever
Click to comment

More on Capital Business

Executive Lifestyle

NAIROBI, Kenya, Mar 12 – The country’s super wealthy individuals are increasing their holding of bonds, gold and cash, a new report by Knight...

Ask Kirubi

NAIROBI, Kenya, Mar 9 – Businessman and industrialist Dr. Chris Kirubi has urged members of the public to exercise extreme caution when making any...

Ask Kirubi

NAIROBI, Kenya, Mar 24 – Businessman and industrialist Dr. Chris Kirubi is set to own half of Centum Investment Company PLC, following a go-ahead...

Ask Kirubi

It is without a doubt that the COVID-19 pandemic has caught the whole world by surprise. Although its full impact is yet to be...


NAIROBI, Kenya, Mar 18 – Commercial Banks have been ordered to provide relief to borrowers on their personal loans, with loans eligible from March...


NAIROBI, Kenya, Jun17 – Kenya’s tea leaves manufacturer Kericho Gold, has been awarded the Superbrands Seal by Superbrands East Africa for their quality variety...


NAIROBI, Kenya, Apr 13 – As the local telecommunications industry gears up to roll out 5G networks in the country, the Communications Authority of...


NAIROBI, Kenya, Mar 22 – Airtel Kenya is offering free internet access for students in order to enable continued learning at home in the...