Kaspersky Discovers NSA-Linked Spying Infections in 30 Countries
The Kaspersky Lab has discovered spy operations infecting personal computers in 30 countries, Reuters noted. Most infections have been found in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
Other infected countries include the United States, the Philippines, United Kingdom, Kazakhstan, Belgium, Somalia, Hong Kong, Libya, United Arab Emirates, Iraq, Nigeria, Ecuador, Mexico, Malaysia, Sudan, Lebanon, Palestine, France, Germany, Singapore, Qatar, Switzerland, Bangladesh, South Africa, India and Brazil.
The 'Equation group'
The culprit is a malware distributor known as the "Equation group," PCMag reported. It is believed to be associated with the U.S. National Security Agency.
Kaspersky, a Moscow-based security software maker, called the Equation group a "threat actor." The group has allegedly engaged in various computer network exploitation (CNE) operations since 2001.
Kaspersky is also convinced that Equation might be one of the world's most sophisticated cyber attack groups, even telling "they are the most advanced threat actor we have seen."
Affected Sectors
According to PCMag, Equation programs have focused on sectors such as the government, nuclear research and nanotechnology, among others. The malware is also capable of reprogramming hard drive firmware. Unfortunately, it is said to be undetectable and non-removable.
Several malware platforms identified by Kaspersky include EquationDrug, DoubleFantasy, Equestre, TripleFantasy, GrayFish, Fanny and EquationLaser.
The Chain of Infection
Victims are selected if they appear "interesting" to Equation. Kaspersky explained that they are picked through surgical precision or validator implants.
Kaspersky programs themselves might have been targeted by the intrusive systems. In March 2013, a Kaspersky Lab user has been attacked by one of Equation's exploits, but fortunately, the attempt failed.
Attacks are delivered through the simplest of ways, such as browsing forums or advertisements. Kaspersky has identified countries that are not bound to be exploited, and they include Jordan, Turkey and Egypt.
How the NSA is Associated
As told by Reuters, Kaspersky said that the spying campaign is linked to Stuxnet, an NSA-led cyberweapon. Interestingly, as Iran is noted to get the most infection, Stuxnet has also been used to attack the country's uranium facilities previously.
Reports have it that Western Digital, Seagate, Toshiba, Samsung, Maxtor and IBM are companies whose hard drives had been affected by Equation.
Western Digital has claimed to be innocent of the meticulous cyber spying prior to Kaspersky's report. A company spokesman told Fox News, "We take such threats very seriously... We are in the process of reviewing the report from Kaspersky Labs and the technical data set forth within the report."
For more information, see Kaspersky's detailed report here.