#equationdrug
ansiklomedia · 6 years
No Escape from Equation
A security report published by Kaspersky has shed at least some light on the exploits of a covert cyber-espionage group called Equation. Which country or organization the Equation group works for is not really known. However, according to Kaspersky experts, the methods this group uses point to American intelligence agencies, and in particular the NSA.
By Equation…
happyhomedecoration · 6 years
Equation group
With operations predating at least 2001, Equation Group is one of the most persistent and, arguably, the most sophisticated threat groups in operation. Equation Group was discovered during Russian cyber-security firm Kaspersky’s investigation into the Regin threat group. Kaspersky attributes Equation Group to the United States National Security Agency; however, definitive evidence of attribution remains absent. Equation Group’s name derives from their employment of encryption and obfuscation strategies throughout their operations. The RC5 encryption algorithm is deployed throughout the malware and additional encryption algorithms RC6, RC4, and AES are added in other modules. Some of the attribution of the group to the United States comes from similarities between the malware platform and exploits to Stuxnet and the Gauss malware. Equation Group has globally targeted more than 500 victims in over 30 countries including Iran, Russia, Syria, Afghanistan, Kazakhstan, Belgium, Somalia, Hong Kong, Libya, United Arab Emirates, Iraq, Nigeria, Ecuador, Mexico, Malaysia, United States, Sudan, Lebanon, Palestine, France, Germany, Singapore, Qatar, Pakistan, Yemen, Mali, Switzerland, Bangladesh, South Africa, Philippines, United Kingdom, India and Brazil. Targets are affiliated with government institutions, diplomatic organizations, the telecommunication sector, aerospace firms, energy companies, nuclear research facilities, oil and gas companies, military systems, nanotechnology research facilities, Islamic activists and scholars, mass media outlets, the transportation sector, financial institutions, and companies developing cryptographic technologies. It is possible that even more infections remain undiscovered. Kaspersky estimates that Equation Group attacked 2000 targets per month in 2008, although the estimate seems generous. Equation Group’s known C&C infrastructure spans more than 300 domains on over 100 servers.
EQUATIONGROUP
modernismism · 7 years
242. Front
#standardsandpraiserepurpose #flameespionage #zerodayexploit #doublefantasy #equationlaser #equationdrug #straitbizarre #patientzero #equestre #grayfish #stuxnet #careto #mask #turla #end
lbcybersecurity · 7 years
ShadowBrokers Releases NSA UNITEDRAKE Manual
The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines:
Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information.
UNITEDRAKE, described as a "fully extensible remote collection system designed for Windows targets," also gives operators the opportunity to take complete control of a device.
The malware's modules -- including FOGGYBOTTOM and GROK -- can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation of users, stealing diagnostics information and self-destructing once tasks are completed.
More news.
UNITEDRAKE was mentioned in several Snowden documents and also in the TAO catalog of implants.
And Kaspersky Labs has found evidence of these tools in the wild, associated with the Equation Group -- generally assumed to be the NSA:
The capabilities of several tools in the catalog identified by the codenames UNITEDRAKE, STRAITBAZZARE, VALIDATOR and SLICKERVICAR appear to match the tools Kaspersky found. These codenames don't appear in the components from the Equation Group, but Kaspersky did find "UR" in EquationDrug, suggesting a possible connection to UNITEDRAKE (United Rake). Kaspersky also found other codenames in the components that aren't in the NSA catalog but share the same naming conventions -- they include SKYHOOKCHOW, STEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER, and DESERTWINTER.
ShadowBrokers has only released the UNITEDRAKE manual, not the tool itself. Presumably they're trying to sell that.
abzu2 · 10 years
Kaspersky claims to have found NSA's 'space station malware'
by Darren Pauli
Kaspersky malware probers have uncovered a new ‘operating system’-like platform that was developed and used by the National Security Agency (NSA) in its Equation spying arsenal.
The EquationDrug or Equestre platform is used to deploy 116 modules to target computers that can siphon data and spy on victims.
“It’s important to note that EquationDrug is not just a trojan, but a…
newskillers · 10 years
Inside EquationDrug: The world’s premier, NSA-backed espionage platform
Ever since Edward Snowden uncovered the NSA’s shadowy operations and huge net of intelligence gathering, there’s been an unanswered query lurking within the background: where are the teams that construct and keep the NSA’s numerous software program instruments? Kaspersky Labs thinks it’s discovered at least one of them and uncovered the spycraft suite that…