The US has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other nations watched closely by US intelligence agencies, according to Russian cybersecurity firm Kaspersky Lab.
In a presentation of its findings at a conference in Mexico on Monday, Kaspersky said that the software had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the US National Security Agency and its military counterpart, US Cyber Command.
It linked the techniques to those used in Stuxnet, a computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program. It was later revealed that Stuxnet was part of a program codenamed “Olympic Games” and run jointly by Israel and the US.
Kaspersky’s report said that Olympic Games had similarities to a much broader effort to infect computers well beyond those in Iran.
It detected particularly high infection rates in computers in Iran, Pakistan and Russia, three nations whose nuclear programs the US routinely monitors.
Some of the implants burrow so deeply into the computer systems, Kaspersky said, that they infect the “firmware,” embedded software that preps the computer’s hardware before the operating system starts.
The software is beyond the reach of existing antivirus products and most security controls, Kaspersky reported, making it virtually impossible to wipe out.
In many cases, it also allows US intelligence agencies to obtain encryption keys off a machine and unlock scrambled contents.
Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran’s nuclear enrichment plants.
Kaspersky said that of the more than 60 attack groups it was tracking in cyberspace, the so-called Equation Group “surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades.”
Kaspersky Lab was founded by Eugene Kaspersky, who studied cryptography at a high school co-sponsored by the KGB and once worked for the Russian military.
The group’s studies, including one about a cyberattack on more than 100 banks and other financial institutions in 30 nations, are considered credible by Western experts.
Security software made by Kaspersky Lab is not used by many US government agencies, making it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by US intelligence agencies. That gives Kaspersky a front-row seat to the US’ digital espionage operations.
The firm’s researchers said that what makes these attacks particularly remarkable is their way of attacking the actual firmware of the computers. Only in rare cases are cybercriminals able to get into what is considered the guts of a machine.
Recovering from a cyberattack typically involves wiping the computer’s operating system and reinstalling software, or replacing a computer’s hard drive.
However, if the firmware becomes infected, security experts said, it can turn even the most sophisticated computer into a useless piece of metal.
In the past, security experts have spoken about “the race to the bare metal” of a machine. As security around software has increased, criminals have looked for ways to infect the actual hardware of the machine. Firmware is about the closest to the bare metal users can get — a coveted position that allows the attacker to not only hide from antivirus products, but also to reinfect a machine even if its hard drive is wiped.
“If the malware gets into the firmware, it is able to resurrect itself forever,” Kaspersky threat researcher Costin Raiu said in the report. “It means that we are practically blind and cannot detect hard drives that have been infected with this malware.”
The possibility of such an attack is one that math researchers at the US National Institute of Standards and Technology, a branch of the US Department of Commerce, have long cautioned about, but have very rarely seen.
In an interview last year, institute math researcher Andrew Regenscheid said that such attacks were extremely powerful.
If the firmware gets corrupted, Regenscheid said, “your computer won’t boot up and you can’t use it. You have to replace the computer to recover from that attack.”
That kind of attack also makes for a powerful encryption-cracking tool, Raiu said, because it gives attackers the ability to capture a machine’s encryption password, store it in “an invisible area inside the computer’s hard drive” and unscramble a machine’s contents.