The Latest in IT Security

Analysis of Equation Group and espionage platform discovers another link to the NSA

12 Mar 2015


Researchers continue to analyze the digital artifacts tied to the Equation Group, a nation-state threat actor that has been active for almost twenty years, and to present their discoveries to the public.

They shared more information about EquationDrug, an espionage platform that the group used for over a decade and which has ultimately been replaced by a more sophisticated one dubbed GrayFish.

“The EquationDrug platform includes dozens of executables, configurations and protected storage locations,” they explained. “The architecture of the whole framework resembles a mini-operating system with kernel-mode and user-mode components carefully interacting with each other via a custom message-passing interface. The platform includes a set of drivers, a platform core (orchestrator) and a number of plugins. Every plugin has a unique ID and version number that defines a set of functions it can provide. Similar to popular OS kernel designs, such as on Unix-based systems, some of the essential modules are statically linked to the platform core, while others are loaded on demand.”
