
New smoking gun further ties NSA to omnipotent “Equation Group” hackers


Jasper_The_Rasper
Moderator

What are the chances unrelated state-sponsored projects were both named "BACKSNARF"?

by Dan Goodin - Mar 11, 2015
 
http://cdn.arstechnica.net/wp-content/uploads/2015/03/Bullet_coming_from_SW-640x402.jpg
 
Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.
 
The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA's Tailored Access Operations.
 
Full Article

4 replies

It's obvious NSA will do whatever it takes to achieve their goal and protection of National Security. I'm not surprised at all.

cohbraz
Community Leader
  • 868 replies
  • March 11, 2015
Besides, "BACKSNARF" is rather fun to say out loud. 😃

By Lucian Constantin
 

The name matches an NSA project listed in a secret document leaked by Edward Snowden.

 
As security researchers continue to analyze malware used by a sophisticated espionage group dubbed the Equation, more clues surface that point to the U.S. National Security Agency being behind it.
 
In February, Russian antivirus firm Kaspersky Lab released an extensive report about a group that has carried out cyberespionage operations since at least 2001 and possibly even as far back as 1996. The report detailed the group's attack techniques and malware tools.
 
full article

Jasper_The_Rasper
Moderator
March 12, 2015  By Pierluigi Paganini
 
Researchers at Kaspersky Lab are still investigating this APT and released a new, deeper analysis of the older attack platform used by the Equation Group.
Let’s start with the consideration that the bad actor behind the Equation Group has developed a complete hacking platform, dubbed EquationDrug, that’s able to produce selective agents to target specific platforms, process manipulation of targets, drivers and library loading and traffic hijacking.
 
http://securityaffairs.co/wordpress/wp-content/uploads/2015/03/EquationDrug-platform-Equation-Group-948x1024.jpg
 
The EquationDrug is the predecessor of another powerful hacking platform used by the Equation Group, the GrayFish. It cannot be used on operating systems after Windows XP/2003.
The experts discovered that EquationDrug allowed the deployment of at least 116 different modules that implement sophisticated cyberespionage functions ranging from data exfiltration to target monitoring. Kaspersky experts analyzed 30 different modules; among the capabilities implemented by the EquationDrug there were system-level functions, data exfiltration modules for specific targets,
 
Full Article
