Tag Archive for: Equation

Chinese Experts Uncover Details of Equation Group’s Bvp47 Covert Hacking Tool


Researchers from China’s Pangu Lab have disclosed details of a “top-tier” backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA).

Dubbed “Bvp47” owing to numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm, the backdoor was extracted from Linux systems “during an in-depth forensic investigation of a host in a key domestic department” in 2013.

Pangu Lab codenamed the attacks involving the deployment of Bvp47 “Operation Telescreen,” with the implant featuring an “advanced covert channel behavior based on TCP SYN packets, code obfuscation, system hiding, and self-destruction design.”

The Shadow Brokers leaks

Equation Group, dubbed the “crown creator of cyber espionage” by Russian security firm Kaspersky, is the name assigned to a sophisticated adversary that’s been active since at least 2001 and has used previously undisclosed zero-day exploits to “infect victims, retrieve data and hide activity in an outstandingly professional way,” some of which were later incorporated into Stuxnet.

The attacks have targeted a variety of sectors in no less than 42 countries, including governments, telecom, aerospace, energy, nuclear research, oil and gas, military, nanotechnology, Islamic activists and scholars, media, transportation, financial institutions, and companies developing encryption technologies.

The group is believed to be linked to the NSA’s Tailored Access Operations (TAO) unit, while intrusion activities pertaining to a second collective dubbed Longhorn (aka The Lamberts) have been attributed to the U.S. Central Intelligence Agency (CIA).

Equation Group’s malware toolset became public knowledge in 2016 when a group calling itself the Shadow Brokers leaked the entire tranche of exploits used by the elite hacking team, with Kaspersky uncovering code-level similarities between the stolen files and that of samples identified as used by the threat actor.

Bvp47 as a covert backdoor

The incident analyzed by Pangu Lab comprises two internally compromised servers, an email and an enterprise server named V1…

Is Equation Group malware a game changer for advanced attack defense? – TechTarget

Kaspersky researchers, who believe the malware is a predecessor to the Stuxnet and Flame attacks, have seen multiple industries targeted by Equation Group since 2001, including government, mass media, transportation and financial institutions. And

Kaspersky Warns of ‘Outstandingly Professional’ Equation Group Cyber Attacks – eSecurity Planet

It means that we are practically blind, and cannot detect hard drives that have been infected by this malware." The modules are also able to create an invisible, persistent area hidden in the hard drive, which is used to save …

Has Equation Group hacked your hard drives? You won’t be able to tell.

The Equation Group’s ability to reprogram hard-drive firmware leaves corporate security pros unable to trust the devices because they can’t tell whether disks have been compromised or not.

“Once the hard drive gets infected with this malicious payload, it’s impossible to scan its firmware,” says Igor Soumenkov, principal security researcher at Kaspersky Lab. “To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”

Beyond that, the tampering Equation Group does with the firmware can survive reformatting the disk and reinstalling the operating system, giving it “extreme persistence,” and providing invisible, persistent storage inside the hard drive, according to the Kaspersky report on the Equation Group.

Tim Greene, Network World