This creepy malware found on government, company, university computers worldwide


A shadowy hacking group has infected computers at companies, universities and governments worldwide with the sneakiest malware ever.

That’s according to a report Monday by Internet security company Kaspersky, which described a hacking campaign “that exceeds anything we have ever seen before.”

The mysterious group, which researchers nicknamed “the Equation group,” uses malware that’s unusually quiet, complex and powerful.

And in some cases, it planted spyware on computers’ firmware, the programming that lives permanently on hardware. It’s an unheard-of move that means the malware can avoid detection by antivirus software. Reinstalling a computer’s operating system or reformatting the hard disk won’t even fix the problem.

If you’ve got this, you might as well throw your computer away.

What’s even more interesting is that Kaspersky’s researchers say that the Equation group uses a hacking tool called “GROK.” That’s a tool used exclusively by the NSA’s elite cyber-warfare unit, Tailored Access Operations, according to classified NSA documents released by former contractor Edward Snowden last year.

Kaspersky says the Equation group also appears to have ties to Stuxnet, the computer worm that sabotaged Iran’s nuclear enrichment program in 2010 and was later revealed to be a joint U.S.-Israeli project.

The NSA declined to comment specifically on the Kaspersky report. But the agency noted that its efforts are focused on foiling terrorist plots from al-Qaeda and ISIS, stemming the flow of weapons of mass destruction and blocking aggression from foreign rivals.

“The U.S. government calls on our intelligence agencies to protect the United States, its citizens, and its allies,” NSA said in a statement to CNN.

The Kaspersky report is the latest to depict a world engaged in constant cyber espionage. In the past, security firms have noted how Chinese hacker spies take business plans from power plants. Russian hackers break into oil and gas companies.

Kaspersky research director Costin Raiu said the Equation group hacked into hospitals in China; banks and aerospace companies in Iran; energy companies and government offices in Pakistan; and universities, military facilities and rocket science research institutions in Russia.

The group attacked Iran the most, researchers said.

The Equation group also spied on Muslim scholars in the United States and the United Kingdom, Raiu said. It emerged last year that the NSA and FBI have been monitoring the emails of prominent Muslim-American lawyers and activists.

The group monitored keystrokes and stole documents from computers. In one instance in the Middle East, the hackers programmed the malware to specifically look for oil-related shipping contracts and inventory price lists.

The malware attacked Windows computers, Macs and even iPhones.

Unlike other hackers, however, the Equation Group wasn’t interested in destroying computers or wiping them clean, the way North Koreans hurt Sony last year.

“They’re interested in long-term intelligence gathering,” Raiu said.

How far back does this go? Kaspersky researchers say the Equation group built some of its earliest malware in 2002, but the computer infrastructure used to spread the group’s computer viruses dates back to 1996.

Their ability to stay quiet this long goes to show how talented they are, the Kaspersky report noted.

By Jose Pagliery and Evan Perez


  • mlfurm

    What a terrible bit of reporting. The whole piece equates to little more than, “The boogey man will get ya if ya don’t watch out!”… How about some actual information? What is the malware? What’s it called? Where is it in the firmware/BIOS? What does Kaspersky suggest? What exactly does it monitor? How do you find out if you have it? What info is it stealing? I mean, there’s nothing in this report but silly, scary, bedtime stories! I highly doubt the whole, “might as well throw your computer away,” bit is true. RME. If it can be put on it can be taken off, even if it’s in the BIOS or wherever (even though it will take a lot more work). Like I said, after reading this story, I’m still not even sure where exactly this supposed malware is supposedly at. I get the feeling that the reporter on this doesn’t really know anything about how computers work. “A scary magic virus will make you throw your computer away!!!” Again, RME.
