Kaspersky Says NSA Planted Stuxnet-Type Cyberweapon In Hard Drives To Spy On Computers Worldwide

Security research firm Kaspersky Labs says it has uncovered what is likely the greatest threat in the history of computer security and that the group's sophistication level, including the ability to infect computer firmware and the use of multiple malware systems, is beyond anything revealed to date.

The cyber threat organization, tagged by Kaspersky as the Equation Group, is likely the "ancestor" of Stuxnet, and is tied to the U.S. intelligence agencies, including the National Security Agency and United States Cyber Command, reported the security firm.

The organization, which uses Stuxnet variants, Zero days and a variety of Trojans and other exploits to gain control of both Windows and Mac computers, has been up and running for over two decades, says the security research firm.

"The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen," the company said in making the announcement regarding its research at the Kaspersky Labs Security Analyst Summit on Monday, Feb. 16.

Apple smartphones may also be in the cyber threat organization's crosshairs at this point, according to Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab, "but we have no confirmation so far." He estimates the group is targeting 2,000 victims a month with such a variety of tools that "it's getting pretty scary."

The computer worm Stuxnet was deemed responsible for infecting about 1,000 centrifuges in Iran's nuclear enrichment program and was part of a project codenamed Olympic Games run by Israel and the U.S.

The Equation Group's security tools have gotten tremendously sophisticated, says Kaspersky, and can now alter the firmware of over a dozen various hard drive types, from IBM to Toshiba, with the infection rendering the PC completely useless to the owner and which cannot be repaired by antivirus technology.

Published reports reveal the hard drive vendors claim they have not provided needed source code to U.S. intelligence agencies.

"If the malware gets into the firmware, it is able to resurrect itself forever," wrote Raiu in the Kaspersky report. "It means that we are practically blind and cannot detect hard drives that have been infected with this malware."

Kaspersky said it discovered PCs in 30 countries infected with one or more of the spying programs, with targets ranging across several industries from banks to governments and military institutions.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics