Kaspersky Lab has described a threat actor that has been operating for nearly two decades. According to the firm, the group it calls "The Equation Group" is unlike anything it has encountered in its years in the security business.
"They use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims," said Kaspersky.
Included in this arsenal is a module that can rewrite the firmware of hard drives, and this is what makes The Equation Group so dangerous. Once a drive's firmware has been reprogrammed, malicious code lives inside the device itself, below the operating system, where it survives antivirus scans and even a full reformat of the drive.
This means the implant cannot be removed without reflashing the drive's firmware, which few outside the manufacturer are equipped to do, or replacing the drive outright. Because this is a new kind of threat, even an experienced technician could easily fail to work out why an infection keeps returning after a clean reinstall.
The Equation Group has other tools as well. To date it has been linked to several malware families, including DoubleFantasy, Fanny and EquationDrug. More concerning still is how these threats are delivered and spread.
Many infections were initially delivered without using the Internet at all. DoubleFantasy is one example: after a scientific conference in Houston, Texas, attendees were sent the conference materials on an optical disc, and the disc had been modified to carry a DoubleFantasy installer that infected the system when it was used.
Fanny, another Equation Group tool, spreads in an unusual way: it infects USB drives in order to reach systems that are not connected to any network. On each machine it lands on, the implant checks whether an Internet connection is available. On an air-gapped machine it writes collected system information into a hidden area of the USB drive and reads any commands waiting there; when the same drive is later plugged into an Internet-connected machine, the stored information is uploaded to the attackers and new commands are written back. The USB drive thus becomes a courier carrying data to and from the isolated system.
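To make the courier mechanism concrete, here is an added simulation of that USB "dead drop" exchange. It is illustrative code written for this article, not Fanny's code or anything from Kaspersky's report: the hidden area is modelled as a dictionary the file browser never lists, the command-and-control server is a stand-in class, and the host names, inventory fields and command strings are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class UsbStick:
    """Removable drive with a hidden staging area beside the visible files.

    Constructed model: the hidden area is just a dict that ordinary file
    browsing never shows; on a real device it would be reserved sectors.
    """
    visible: dict = field(default_factory=dict)
    hidden: dict = field(default_factory=lambda: {"reports": [], "commands": []})


@dataclass
class Host:
    name: str
    online: bool
    inventory: dict                      # constructed sample system info
    executed: list = field(default_factory=list)


class C2:
    """Stand-in for the attackers' server (assumed; the real protocol is unknown)."""

    def __init__(self):
        self.received = []               # every report the stick has carried back
        self.pending = {}                # target host -> commands waiting to go out

    def queue(self, target, cmd):
        self.pending.setdefault(target, []).append(cmd)

    def exchange(self, reports):
        """Ingest reports from the stick; hand back commands for hosts seen so far."""
        self.received.extend(reports)
        known = {r["host"] for r in self.received}
        out = []
        for target in list(self.pending):
            if target in known:
                out.extend({"target": target, "cmd": c} for c in self.pending.pop(target))
        return out


def on_insert(host, stick, c2=None):
    """What the implant does when the stick is plugged into a host."""
    if not host.online:
        # Air-gapped side: leave a report, take any commands addressed to us.
        stick.hidden["reports"].append({"host": host.name, "inventory": host.inventory})
        mine = [c["cmd"] for c in stick.hidden["commands"] if c["target"] == host.name]
        stick.hidden["commands"] = [c for c in stick.hidden["commands"] if c["target"] != host.name]
        host.executed.extend(mine)
        return {"side": "airgapped", "executed": mine}
    # Connected side: flush staged reports to the C2 and bring commands back.
    reports, stick.hidden["reports"] = stick.hidden["reports"], []
    new_cmds = c2.exchange(reports)
    stick.hidden["commands"].extend(new_cmds)
    return {"side": "online", "forwarded": len(reports), "queued": len(new_cmds)}


def run_scenario():
    """Walk one stick: air-gapped lab -> online office -> air-gapped lab."""
    c2 = C2()
    lab = Host("lab-pc", online=False, inventory={"os": "Windows XP", "ip": "192.0.2.10"})
    office = Host("office-pc", online=True, inventory={"os": "Windows 7", "ip": "198.51.100.7"})
    stick = UsbStick(visible={"slides.pdf": b"..."})
    c2.queue("lab-pc", "collect:C:\\Projects")    # operator queues a task up front

    trip = []
    trip.append(on_insert(lab, stick))             # report staged, nothing to run yet
    trip.append(on_insert(office, stick, c2))      # report forwarded, command brought back
    trip.append(on_insert(lab, stick))             # command executed on the isolated box
    return {
        "trip": trip,
        "c2_seen": [r["host"] for r in c2.received],
        "lab_executed": lab.executed,
        "visible": sorted(stick.visible),          # the user still sees only slides.pdf
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point of the walk-through is the second visit to the lab machine: it never had a network connection, yet a command chosen by the operator runs on it, and the only thing a user would notice on the stick is the conference slides. Detecting this in practice means looking at the removable media itself (unexplained used capacity, partitions or reserved regions the file system does not account for), not at the air-gapped host's network traffic, which does not exist.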
With so many ways to reach its targets, including systems that are not connected to any network, The Equation Group stands as a severe threat.