2
Researchers Find ‘Astonishing’ Malware Linked to NSA Spying By Ryan Gallagher @rj_gallagher 02/17/2015 Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept last year. Russian security firm Kaspersky published a report Monday documenting the malware, which it said had been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments; telecom, energy and aerospace companies; as well as Islamic scholars and media organizations. Kaspersky did not name the NSA as the author of the malware. However, Reuters reported later on Monday that the agency had created the technology, citing anonymous former U.S. intelligence officials. Kaspersky’s researchers noted that the newly found malware is similar to Stuxnet, a covert tool reportedly created by the U.S. government to sabotage Iranian nuclear systems. The researchers also identified a series of code names that they found contained within the samples of malware, including STRAIGHTACID, STRAITSHOOTER and GROK. Notably, GROK, which Kaspersky said is a piece of malware used to secretly log keystrokes, is tied to secret NSA hacking tactics described in documents from whistleblower Edward Snowden. Last year, The Intercept revealed that the NSA was using a tool called GROK to log keystrokes as part of a toolkit it uses to hack computers and collect data. The other codenames identified by Kaspersky on Tuesday—such as STRAIGHTACID and STRAITSHOOTER—are strikingly similar to known NSA hacking operations. Leaked NSA documents have revealed that the agency uses hacking tools known as STRAIGHTBIZARRE and FOXACID to break into computers and grab data. According to Kaspersky, the malware found in the latest discovery is the most advanced ever found and represents an “astonishing technical accomplishment.” It hides deep within an infected computer and can stay on the machine even after attempts to wipe or reformat the hard drive. The security firm has dubbed different variants of the malware EquationLaser, EquationDrug and GrayFish, and they are calling its creators the “Equation Group,” because of the way the spy technology attempts to hide itself

Malware Linked to NSA

Embed Size (px)

DESCRIPTION

Researchers Find ‘Astonishing’ Malware Linked to NSA SpyingBy Ryan Gallagher@rj_gallagher Please Check this site:https://firstlook.org/theintercept/2015/02/17/nsa-kaspersky-equation-group-malware/

Citation preview

  • Researchers Find Astonishing Malware Linkedto NSA SpyingBy Ryan Gallagher @rj_gallagher 02/17/2015

    Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept last year.

    Russian security firm Kaspersky published a report Monday documenting the malware, which it said had been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments; telecom, energy and aerospace companies; as well as Islamic scholars and media organizations.

    Kaspersky did not name the NSA as the author of the malware. However, Reuters reported later on Monday that the agency had created the technology, citing anonymous former U.S. intelligence officials.

    Kasperskys researchers noted that the newly found malware is similar to Stuxnet, a covert tool reportedly created by the U.S. government to sabotage Iranian nuclear systems. The researchers also identified a series of code names that they found contained within the samples of malware, including STRAIGHTACID, STRAITSHOOTER and GROK.

    Notably, GROK, which Kaspersky said is a piece of malware used to secretly log keystrokes, is tied to secret NSA hacking tactics described in documents from whistleblower Edward Snowden. Last year, The Intercept revealed that the NSA was using a tool called GROK to log keystrokes as part of a toolkitit uses to hack computers and collect data.

    The other codenames identified by Kaspersky on Tuesdaysuch as STRAIGHTACID and STRAITSHOOTERare strikingly similar to known NSA hacking operations. Leaked NSA documents have revealed that the agency uses hacking tools known as STRAIGHTBIZARRE and FOXACID to break into computers and grab data.

    According to Kaspersky, the malware found in the latest discovery is the most advanced ever found andrepresents an astonishing technical accomplishment. It hides deep within an infected computer and can stay on the machine even after attempts to wipe or reformat the hard drive. The security firm has dubbed different variants of the malware EquationLaser, EquationDrug and GrayFish, and they are calling its creators the Equation Group, because of the way the spy technology attempts to hide itself

    https://firstlook.org/theintercept/staff/ryan-gallagher/http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymityhttps://firstlook.org/theintercept/document/2014/03/12/nsa-gchqs-quantumtheory-hacking-tactics/https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/http://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.htmlhttp://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/https://twitter.com/@rj_gallagher

  • in an infected computer using complex encryption.

    The majority of the infected machines found by Kaspersky were in Iran. But the security firm has also found infected computers in Belgium, Germany, the United States, the United Kingdom, Russia, Afghanistan, Pakistan, Sudan, Lebanon and the Palestinian Territories.

    According to Wired, the targets in the U.S. and the U.K. were all Islamic activists or scholars. The Kaspersky researchers reportedly first discovered the Equation Group malware while researching Regin, a spy tool that The Intercept revealed in December appears to have been used in British and American government hacking operations targeting a Belgian telecommunications company and officesused by European Union officials.

    NSA spokeswoman Vanee Vines told The Intercept the agency was aware of Kasperskys research, but said the agency was not going to comment publicly on any allegations that the report raises, or discussany details.

    Photo: David Ramos/Getty Images

    Email the author: [email protected]

    mailto:[email protected]://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/http://www.wired.com/2015/02/kapersky-discovers-equation-group/

    Researchers Find Astonishing Malware Linked to NSA Spying


NSA Mining

NSA Mining

Documents
Intrusion Detection and Malware Analysis - Malware collection134.2.173.140/lehre/ws10/ids-malware/12-malware-collection.pdf · Intrusion Detection and Malware Analysis Malware collection

Intrusion Detection and Malware Analysis - Malware collection134.2.173.140/lehre/ws10/ids-malware/12-malware-collection.pdf · Intrusion Detection and Malware Analysis Malware collection

Documents
NSA Wiretaps

NSA Wiretaps

Documents
Network Security Appliance Series€¦ · Firewall NSA 220/W NSA 250M/W NSA 2400 NSA 3500 NSA 4500 SonicOS version SonicOS 5.8.1.1 SonicOS enhanced 5.6 (or higher) Stateful throughput

Network Security Appliance Series€¦ · Firewall NSA 220/W NSA 250M/W NSA 2400 NSA 3500 NSA 4500 SonicOS version SonicOS 5.8.1.1 SonicOS enhanced 5.6 (or higher) Stateful throughput

Documents
NSA Brochure

NSA Brochure

Documents
SonicOS 5.9.0.4 Release Notes, Rev B - SonicWallsoftware.sonicwall.com/Firmware/Documentation/232... · • nsa e8510 • nsa e8500 • nsa e7500 • nsa e6500 • nsa e5500 • nsa

SonicOS 5.9.0.4 Release Notes, Rev B - SonicWallsoftware.sonicwall.com/Firmware/Documentation/232... · • nsa e8510 • nsa e8500 • nsa e7500 • nsa e6500 • nsa e5500 • nsa

Documents
Documents/Approved... · ns.d MN/Sta31 nsa nsa nsd nv7 ozm9M asa otV09M nsa nSd nsa 0909M nn ottZ9M nsa 09-09M Ott-ce9M as. ontsosan asa ... Sd/11Hd SdnlHd santHd san1Hd san.ga SdnlHd

Documents/Approved... · ns.d MN/Sta31 nsa nsa nsd nv7 ozm9M asa otV09M nsa nSd nsa 0909M nn ottZ9M nsa 09-09M Ott-ce9M as. ontsosan asa ... Sd/11Hd SdnlHd santHd san1Hd san.ga SdnlHd

Documents
Opinion & Order: US NSA vs. NSA UHG

Opinion & Order: US NSA vs. NSA UHG

Documents
TUTELAGE: Malware Defense Infrastructure (NSA/CSS)

TUTELAGE: Malware Defense Infrastructure (NSA/CSS)

Technology
Nsa Overcollection

Nsa Overcollection

Documents
NSA/CSS POLICY MANUAL 1-52 NSA/CSS CLASSIFICATION

NSA/CSS POLICY MANUAL 1-52 NSA/CSS CLASSIFICATION

Documents
NSA Philly

NSA Philly

Business
Malware Fails Best Bugs in Malware Felix Leder [Malware ... · 1 Malware Fails Best Bugs in Malware Felix Leder [Malware Detection Team] Felix.Leder@norman.com 5. desember 2011 malware

Malware Fails Best Bugs in Malware Felix Leder [Malware ... · 1 Malware Fails Best Bugs in Malware Felix Leder [Malware Detection Team] [email protected] 5. desember 2011 malware

Documents
NSA IAD Manageable Network Plan nsa-16-0114.pdf

NSA IAD Manageable Network Plan nsa-16-0114.pdf

Documents
4001133 - NSA

4001133 - NSA

Documents
NSA Document

NSA Document

Documents
Nsa Interview

Nsa Interview

Documents
NSA WilliamBinneyDeclaration

NSA WilliamBinneyDeclaration

Documents
Netball South Africa NSA Membership NSA Membership Structures Structures NSA executive NSA executive NSA structure NSA structure Composition of NSA Composition

Netball South Africa NSA Membership NSA Membership Structures Structures NSA executive NSA executive NSA structure NSA structure Composition of NSA Composition

Documents
nsa hearing

nsa hearing

Documents
NSA Complaint

NSA Complaint

Documents
Repurposing OnionDuke - NopSecinfo.nopsec.com/rs/736-UGK-525/images/Nation State Malware... · Repurposing OnionDuke ... • NSA used ‘Wiper’ malware similar to the Sony and other

Repurposing OnionDuke - NopSecinfo.nopsec.com/rs/736-UGK-525/images/Nation State Malware... · Repurposing OnionDuke ... • NSA used ‘Wiper’ malware similar to the Sony and other

Documents
NSA Secrets

NSA Secrets

Documents
NSA Affirmative - forms.huffmanisd.netforms.huffmanisd.net/debate/debate/cx/NSA Affirmative - DDI 20… · Web viewNSA Affirmative – DDI 2015 ST. 1. NSA Affirmative. NSA Affirmative1

NSA Affirmative - forms.huffmanisd.netforms.huffmanisd.net/debate/debate/cx/NSA Affirmative - DDI 20… · Web viewNSA Affirmative – DDI 2015 ST. 1. NSA Affirmative. NSA Affirmative1

Documents
NSA - ELINT

NSA - ELINT

Documents
Communication Nsa

Communication Nsa

Documents
Nsa Cotraveler

Nsa Cotraveler

Documents
The SonicWALL Network Security Appliance Seriesmmvaquinhas.pt/sonicwall/DS_NSA_Series_US.pdf · Certifications Firewall NSA 240 NSA 2400 NSA 3500 NSA 4500 SonicOS Version SonicOS

The SonicWALL Network Security Appliance Seriesmmvaquinhas.pt/sonicwall/DS_NSA_Series_US.pdf · Certifications Firewall NSA 240 NSA 2400 NSA 3500 NSA 4500 SonicOS Version SonicOS

Documents
NSA Affirmative - forms.huffmanisd.netforms.huffmanisd.net/debate/CX/NSA Affirmative - DDI 2015 ST.d… · Web viewNSA Affirmative – DDI 2015 ST. 1. NSA Affirmative. NSA Affirmative1

NSA Affirmative - forms.huffmanisd.netforms.huffmanisd.net/debate/CX/NSA Affirmative - DDI 2015 ST.d… · Web viewNSA Affirmative – DDI 2015 ST. 1. NSA Affirmative. NSA Affirmative1

Documents
Nsa Datasheet

Nsa Datasheet

Documents