Sophisticated hacker group has possible ties to NSA

Security company Kaspersky has discovered the existence of a hacker group that is possibly behind tens of thousands of infections and that may be linked to the US National Security Agency. The group made use of command-and-control servers in countries including the Netherlands.

Kaspersky calls the group, which has been active since at least 2001, one of the most advanced ever. The Russian security company has managed to identify five hundred infections by the group, but believes the actual number runs into the tens of thousands. Not all infections could be traced, since the group's malware is able to destroy itself. Institutions in Iran, Russia and Pakistan in particular were targeted, as well as in Afghanistan, India and China. The group attacked governments and military institutions, but also providers, universities and research institutions.

The company has named the group the Equation Group, because of the attackers' fondness for encryption and for methods of covering their tracks. Although Kaspersky says nothing about involvement of the US National Security Agency, Ars Technica points to several indications of links between the two. For instance, some code names in the source code of the malware used by the group match code names that appeared in the Snowden documents. The name of a keylogger also matched.

Moreover, two of the zero-day vulnerabilities used by the group correspond to vulnerabilities the NSA is believed to have used in the Stuxnet malware, with which Iranian nuclear facilities were attacked. Certain techniques used by the hackers, for example to cover their tracks, were also similar. It is therefore possible that the group's malware was used in the Stuxnet attack, says Kaspersky.

Kaspersky makes no mention of infections in the Netherlands, although that is not to say there were none. What is certain is that European institutions were targeted: Kaspersky found infections in Belgium, as well as in the UK, France and Switzerland. Kaspersky did find at least one command-and-control server on Dutch soil.

Among other things, the group had malware with its own virtual file system, so that the malware's files do not have to be stored in the normal file system and are therefore less easily found by virus scanners. This technique was reportedly also used in the NSA attack on the German government and in a British attack on the Belgian provider Belgacom.

The group also stored malware files in the Windows Registry, likewise with the aim of covering its tracks. The group had malware that spreads via USB sticks, in order to infect air-gapped computers that are not connected to the internet. Although Kaspersky only saw Windows infections, there are indications that the group also managed to penetrate iOS and OS X devices.

The group was also able to place malware in firmware, for example that of the hard disk. As a result, the malware gains full control of the computer; even reinstalling the operating system no longer makes the malware disappear. It is therefore also almost impossible to remove the malware.

Victims were infected with the malware in various ways, including via CDs that the group intercepted and fitted with malware. Intercepting packages to add malware is a technique that the US NSA has previously been shown to use.
