In-brief: Kaspersky Lab issued a report Monday alleging its researchers discovered evidence of a long-running cyber espionage campaign with links to the U.S. government and National Security Agency.
Reports today from Moscow-based Kaspersky Lab allege that the U.S. National Security Agency – and the U.S. government – engaged in a decades-long campaign of cyber espionage that targeted organizations in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
According to a report on Threatpost.com, a security news website that is owned and operated by Kaspersky, researchers at the firm believe the cyber espionage campaign may have been operating for 15 years or more and has characteristics that link it to Stuxnet, Flame and other “highly sophisticated operations.” Kaspersky has dubbed the group behind the cyber espionage campaign the “Equation Group.”
Specifically, the group used exploits for two previously unknown (or “zero day”) vulnerabilities, including the so-called LNK vulnerability. Those same vulnerabilities were later leveraged by Stuxnet, a sophisticated piece of malicious software that has been linked to the NSA and that was used to compromise uranium enrichment equipment belonging to the Iranian government.
Other techniques used by the group include intercepting (or “interdicting”) physical media such as CDs and hard disk drives and inserting custom malicious software on them, Threatpost reported.
Reuters notes that one tool used by the group was malware that ran on firmware sold with hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers. The malware gave the agency “the means to eavesdrop on the majority of the world’s computers,” Reuters reports.