Equation Group

from Wikipedia, the free encyclopedia

Equation Group (German: "group of equations") is a hacker group believed to be closely linked to the US National Security Agency (NSA). The existence of the group was announced in February 2016 by the Russian security company Kaspersky Lab. According to Kaspersky, the group has an arsenal of sophisticated malware that has attacked governments, companies and research institutions in over 30 countries around the world. Kaspersky classified the Equation Group, so called because of its fondness for sophisticated mathematical encryption methods, as an advanced persistent threat (APT).

Discovery

On February 16, 2015, the Russian security company Kaspersky Lab reported at the "Kaspersky Security Analysts Summit" in Mexico that it had discovered a group of hackers, which it named "Equation Group". According to Kaspersky, the group had been active since at least 2001, possibly since 1996, and had more than 60 active members. Some of the malicious programs used by the group were able to infect the firmware of hard drives from various manufacturers, allowing them to survive even formatting of the disk and reinstallation of the operating system. Such complex knowledge suggests that state intelligence services are involved.

Likely to be associated with Stuxnet and the NSA

In 2015, the Kaspersky researchers found that one of the Equation Group's malware families, which they named "Grayfish", had similarities to another malicious program called "Gauss" from previous attacks. In addition, the Equation Group used two zero-day exploits (exploits for security holes not yet closed) that were later also used in the Stuxnet attacks. The researchers concluded that the Equation Group and the Stuxnet developers are either identical or work closely together.

The researchers found that Equation Group malware was able to infect, and spread through, the firmware of hard drives from some leading manufacturers. For this purpose, the malware could create hidden areas on the hard drives and use them for its own purposes. Such capabilities require detailed knowledge of the various manufacturers' source code.

The NSA code words "STRAITACID" and "STRAITSHOOTER" were found in the Equation Group's malware. Timestamps, which were also discovered in the malware, seem to show that the programmers mostly worked Monday to Friday between 8 a.m. and 5 p.m. Eastern Standard Time (EST).
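The working-hours inference described above is a standard attribution step: compile timestamps are shifted through candidate UTC offsets and the offset under which most of them land on weekdays between 8 a.m. and 5 p.m. is taken as the developers' likely time zone. The following script is an added example of that analysis and is not code from the article or from Kaspersky; the timestamps it uses are constructed (a week in February 2015 plus one Saturday outlier), and the function names are the author's own.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample of compile timestamps in UTC (not real Equation Group data):
# one working week with samples at 08:00, 10:00, 13:00 and 16:00 US Eastern
# Standard Time (UTC-5), plus one Saturday outlier.
SAMPLE_TIMESTAMPS_UTC = [
    datetime(2015, 2, day, hour, 0, tzinfo=timezone.utc)
    for day in range(16, 21)          # Mon 16 Feb 2015 .. Fri 20 Feb 2015
    for hour in (13, 15, 18, 21)      # 08:00, 10:00, 13:00, 16:00 at UTC-5
] + [datetime(2015, 2, 21, 15, 0, tzinfo=timezone.utc)]  # Saturday outlier

# Working-hours window as stated in the Kaspersky observation: 8 a.m. to 5 p.m. local.
WORK_START, WORK_END = 8, 17


def in_working_hours(ts_utc, offset_hours):
    """True if ts_utc falls on Mon-Fri between 08:00 and 16:59 at the given UTC offset."""
    local = ts_utc + timedelta(hours=offset_hours)
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END


def working_hours_fit(timestamps, offset_hours):
    """Fraction of timestamps that fall inside the working-hours window at this offset."""
    if not timestamps:
        return 0.0
    hits = sum(in_working_hours(ts, offset_hours) for ts in timestamps)
    return hits / len(timestamps)


def best_offset(timestamps, offsets=range(-12, 15)):
    """Return (offset_hours, fit) for the UTC offset that best explains the timestamps.

    Ties are broken towards the offset closest to UTC so the result is deterministic.
    """
    scored = [(working_hours_fit(timestamps, o), -abs(o), o) for o in offsets]
    fit, _, offset = max(scored)
    return offset, fit


def hour_histogram(timestamps, offset_hours):
    """Number of timestamps per local hour, to eyeball the daily rhythm at an offset."""
    return Counter((ts + timedelta(hours=offset_hours)).hour for ts in timestamps)


if __name__ == "__main__":
    offset, fit = best_offset(SAMPLE_TIMESTAMPS_UTC)
    print(f"best offset: UTC{offset:+d} (fit {fit:.2f})")
    for hour, n in sorted(hour_histogram(SAMPLE_TIMESTAMPS_UTC, offset).items()):
        print(f"{hour:02d}:00  {'#' * n}")
```

On the constructed sample the script picks UTC-5 with 20 of 21 timestamps inside the window. In practice the signal is only as good as the timestamps themselves: PE compile timestamps are trivially forged or zeroed by a toolchain, so this kind of fit supports an attribution hypothesis rather than proving one, and it should be weighed together with independent indicators such as the code words mentioned above.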

Kaspersky researchers found parts of the Stuxnet worm in malware from the Equation Group in 2008, two years before Stuxnet was discovered.

IRATEMONK in the ANT (Advanced Network Technology) catalog of the NSA

The Finnish security company F-Secure reported that the Equation Group's malware for infecting hard drive firmware came from the NSA catalog of advanced network technology published by Der Spiegel in 2013, where it appears under the name "IRATEMONK".

Equation Group hacked

In August 2016, the hacking group The Shadow Brokers reported that they had stolen malware from the Equation Group and offered it for sale. Edward Snowden speculated that the Shadow Brokers are close to Russian intelligence services.
