Embedded Low Level Surveillance Kit Reveals Massive Third World Cyberpenetration

Usman Pirzada
Posted 2 years ago

Ask any tech enthusiast, BIOS based viruses are almost impossible to remove from a system – once infected. By definition they can survive most data wipes, purges and even hardware replacement by being unusually resilient and sticking to small caches of writable memory. Some of the more pesky ones can even survive low level wipes and BIOS flashes and as it turns out, there is an ongoing surveillance program targeting third world countries like Pakistan, Iran, Russia and China – as alleged by a Russian cybersecurity firm.

Intel AMD NSA BackdoorFan made concept art showing NSA’s web of survielence tools. @Unknown

Pakistan and other third world countries’ Telecommunication, Civil, Educational and Military Infrastructure infected in an extensive cyber penetration operation

It hasn’t been long since the Xkeyscore program was unearthed and the NSA and CIA’s alleged involvement in the same surveillance tool outed. In what appears to be a finally worthy update to the saga, the Equation Group of hackers has been discovered. This particular cyber espionage operation is also thought to originate from the US and has been discovered by researchers at Russia’s (not a coincidence) Kaspersky Labs. With  things like these it is always difficult to pinpoint origin and list culprits but the report implies that the originating country is actually the US. This is something pretty plausible but the fact the report comes straight from Russia needs to be accounted for while digesting the information. (Update: Kaspersky lab states that there is no conclusive word on origin)

equation-groupInfographic courtesy of Kaspersky Lab (Russia)


This new threat actor on the world stage is dubbed the Equation Group and world affair enthusiasts will be no doubt be taking notes as one of the more significant discoveries in cyber operations has come forward. Take a look at the inforgraphic above and you will realize just how extensive the penetration actually is. Interestingly the operation of this set of malware is being linked to Stuxnet, the now-world famous worm which infected the Iranian nuclear reactors and was allegedly developed by western powers. Funnily enough the same work actually ended up infecting Russian reactors as well after it went rogue.The Equation’s level of sophistication and the scale of its operation makes Stuxnet seem like child play, according to Kaspersky’s report.

Now here is the thing, the Equation Group has been active since the 1996 but their activity level saw a big boost in 2008. Like I already said it is difficult to distinguish fact from fable but they were reportedly responsible for developing cyber weapons of incredible potency. Some examples include, Equationdrug, Doublefantasy, Triplefantasy, Grayfish and Equationlaser. While these sounds like a drug traffickers fantasy this is the name of the malware suite that they used to infect computers and usbs at mostly low level and go undetected for many years. And this is where relevancy comes in. This is the same set of malware that was actually discovered in Seagate hardrives. Since we are talking about a firmware level infection here, formatting or reinstalling the OS would make no difference to the infection. Approximately 30 countries were infected and the top of the lineup include Iran, Russia, Pakistan and China. Funnily enough even the US had certain infrastructures infected.

In many ways the Equation Groups infection was the height of perfection, as a tech enthusiast, I can appreciate the raw mastery that went into creating an infection of this level – and even programming in a self destruct. The presence of a self destruct mechanism means that the vast majority of infection will never be accounted for. So what exactly does this mean? Not to try sounding like something out of a science fiction fantasy but it would appear there is a criminal organization out there that has access to nearly every computer on the planet, regardless of how well guarded it is.

Share on Facebook Share on Twitter Share on Reddit