Monday, February 16, 2015

Ever heard of EQUATIONDRUG? It has nothing to do with drugs; it is an attack platform used to control compromised computers.


We install software from what we assume is a valid install CD, but if that CD itself is compromised, how can we protect ourselves?

Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. 


Once a PC is compromised, the attackers install the EQUATIONDRUG attack platform, which is the main component from which further operations run. The platform includes a variety of modules and has an analog in another platform called GRAYFISH, which is an updated version of the attack framework.

Countries targeted by this group include Russia, Syria, Iran, Pakistan, China, Yemen, Afghanistan and India, but also the US and the UK, and several others.

GRAYFISH is the most highly evolved version of its attack infrastructure. The attackers began using this platform about seven years ago and have been improving it as they go.


The trump card for the Equation Group attackers is their ability to infect an infected machine’s hard drive firmware. This module, known only by a cryptic name – “nls_933w.dll” – essentially allows the attackers to reprogram the HDD or SSD firmware with a custom payload of their own creation.


Fanny creates a hidden storage area on the stick. If it infects a computer without an internet connection, it will collect basic system information and save it into the hidden area of the stick. Later, when a stick containing hidden information is plugged into a computer that is infected by Fanny and has an Internet connection, the data will be scooped from the hidden area and sent to the C&C.


Another incident included an installation CD for Oracle software that included a Trojan dropper for the Equation Group’s malware. This is a tactic that, through the Edward Snowden documents, has been attributed to operations conducted in the past by the National Security Agency.

The C&C infrastructure includes hundreds of domains in a number of countries, including the United States, the UK, Italy and Germany. 

“The scariest thing about them is that we don’t have any samples from 2014. So somewhere in 2013 these guys went off the radar,” he said. “We have no idea what they did in 2014, which is very, very scary.”

The link below has more information:




