The Latest in IT Security

Analysis of Equation Group and espionage platform discovers another link to the NSA

12 Mar 2015


Researchers continue to analyze the digital artifacts tied to the Equation Group, a nation-state threat actor that has been active for almost twenty years, and to present their discoveries to the public.

They shared more information about EquationDrug, an espionage platform that the group used for over a decade and that has since been replaced by a more sophisticated one dubbed GrayFish.

“The EquationDrug platform includes dozens of executables, configurations and protected storage locations,” they explained. “The architecture of the whole framework resembles a mini-operating system with kernel-mode and user-mode components carefully interacting with each other via a custom message-passing interface. The platform includes a set of drivers, a platform core (orchestrator) and a number of plugins. Every plugin has a unique ID and version number that defines a set of functions it can provide. Similar to popular OS kernel designs, such as on Unix-based systems, some of the essential modules are statically linked to the platform core, while others are loaded on demand.”
