On Feb 16th the Kaspersky security group (www.kaspersky.com) released a Q&A about the espionage software designed and used by a group they call the “Equation Group”. The name comes from the group’s heavy use of mathematical encryption algorithms to mask both the presence of the malware and its data transmissions. All of the previous “advanced” malware we’ve seen to this point (Stuxnet, Flame, Regin, and others) looks simplistic compared to this. Kaspersky engineers have found that the group’s tools can actually reprogram the firmware of hard drives from almost every major brand currently on the market. The AV software running on your computer right now cannot inspect that firmware to detect the implant, and even reinstalling the operating system from scratch won’t remove it, because the firmware survives a wipe of the disk contents. To date the malware appears to have been used against a very narrow set of high-value government targets, which leads Kaspersky and others to believe it is somehow affiliated with a government agency.
The full document can be found at http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
Although the average corporate employee would not be a likely target today, copy-cat attackers may begin to develop their own versions of this complex software. We’ve likely only begun to learn about this talented government-backed group, which has managed to avoid detection by every known antivirus product on the market today.
More information can be found here http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/