According to an analysis by Kaspersky Lab, the US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign dating back at least 14 years, and possibly as long as 20. The Russian cybersecurity firm explained in a recent report that it had discovered a new family of malicious programs, also referred to as worms, which infected computers in several countries, especially overseas.
The firm also said that the targets appear to have been specifically selected: they included military organizations, energy companies and other businesses, government personnel and Islamic activists. The Kaspersky report identified these cyber-spies as the Equation Group, and implied that the group is affiliated with the NSA.
Kaspersky Lab experts claim that one of the infectious programs shares elements with the so-called Stuxnet worm, which the New York Times and the Washington Post have both reported was developed by the U.S. and Israeli governments to disrupt Iranian nuclear facilities. Kaspersky’s researchers also said that some of the spyware discovered was designed to burrow into the essential software that comes pre-installed on a computer’s drive, known as firmware. Once installed there, it is difficult to detect and even harder to remove. From that position it can also gain access to vital data, such as the keys needed to decrypt encrypted files. Kaspersky added that products from several well-known hard drive brands, including Seagate, Toshiba, Western Digital and Samsung, are likely to be affected by the Equation Group’s malware tools.
“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability. To be honest, I don’t think there’s any other group in this world that has this capability,”
said Kaspersky Lab global research and analysis director Costin Raiu in an interview with Computerworld. Concerns about access to source code arose after a series of high-profile cyberattacks on Google and other U.S. companies in 2009, which were blamed on China. Investigators later said they had found evidence that the hackers were gaining access to source code from several large U.S. technology and defense companies.