Has Equation Group hacked your hard drives? You won’t be able to tell.

The Equation Group’s ability to reprogram hard-drive firmware leaves corporate security pros unable to trust the devices because they can’t tell whether disks have been compromised or not.

“Once the hard drive gets infected with this malicious payload, it’s impossible to scan its firmware,” says Igor Soumenkov, principal security researcher at Kaspersky Lab. “To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”

Beyond that, the Equation Group’s firmware tampering can survive reformatting the disk and reinstalling the operating system, giving it “extreme persistence” and providing invisible, persistent storage inside the hard drive, according to the Kaspersky report on the Equation Group.


Network World Tim Greene