Equation Group Details – Professionals Infecting Whoever They Want

If you are here, you have likely heard about the news making the rounds in the last couple of days about the “Equation Group”. Several sites have been giving high-level reviews of the exploits and information.

Kaspersky Lab has published some details on what all this means… Rather than bore you with a recount of what was already reported, I am attaching the direct-from-the-source info. So attached below is the 44-page Q&A whitepaper that outlines details, dates and info.

High-level information that was interesting from an exploit standpoint:

– The ability to infect hard drive firmware, so that the infection survives reboots, formatting and reinstallation of the OS, and carves out its own space.

– Zero-day exploits of Firefox Tor browsing.

– An interesting write-up about PHP infection of web forums that only infects you once you are registered with the forum.

– The amount of time this has been going on (years).

Based upon the target list and rates, it sure seems pretty clear (in my opinion) that this is US-sponsored activity… but who knows for sure.

Also, here is a link to the Kaspersky Lab article that summarizes it.

Equation Group – Death Star of the Malware Galaxy

Equation_group_questions_and_answers – PDF with details