NSA or Not, Equation Group is Recognized as the “Most Advanced” Threat Actor in Cyberspace

Another report has been released identifying widespread spyware breaches. This most recent report, released by Kaspersky Lab, a cyberthreat firm, named the “Equation Group” the most advanced “threat actor” out of over 60 advanced attackers investigated by the firm over the past several years, reports Defense One. According to the report, the Equation Group has been active for “possibly” 20 years, and is thought to be affiliated with the NSA, although the Kaspersky report did not outright make that claim.


Is Equation Group the NSA?

Kaspersky’s report implied that the Equation Group is associated with, or may even be the same group responsible for, the Stuxnet virus. According to the report, a computer worm created by the group in 2008, known as Fanny, used two zero-day exploits also used by Stuxnet, and was spread throughout the Middle East and Asia. The report explained that the two exploits were used in Fanny even before they were used in Stuxnet. Fanny and Stuxnet both used the LNK exploit to spread, the report continued. Further, both Fanny and Stuxnet utilized a vulnerability in Microsoft’s software which was later patched by the Microsoft bulletin MS09-025, according to the report. Kaspersky asserted that this indicated that the Equation Group had access to the exploits before the Stuxnet group did. Additionally, the delivery mechanism believed to be utilized by both Stuxnet and Fanny was USB sticks used to gain access to air-gapped networks, such as the Iranian network infected by Stuxnet. The similarities in the use of these exploits, and within the same timeframe, indicate that the groups responsible for Fanny and Stuxnet are either working together or are the same, the report concluded.

Who does Equation Group Target?

Stuxnet is believed to be the product of a joint venture between the NSA and the Israelis, leading to the belief that the Equation Group is actually the NSA or at least closely affiliated with it. Defense One reported that the group’s operations seem to target the “appropriate” people, “enemies foreign.” This indicates that the group operates under predetermined parameters, using usernames and network addresses to pick out specific targets, the article added. Targets resided in about 30 countries including Iran, Russia, Syria, and Afghanistan, according to the article. The article also reported that in addition to thousands of individuals, the group has infected entities within governments, telecommunications, and energy sectors, among others. This method of using existing vulnerabilities is “much less disruptive” than inserting vulnerabilities “that leave everyone insecure,” Bruce Schneier explained on the Lawfare Blog. Just as Stuxnet specifically targeted the Iranian network controlling its nuclear centrifuges, the Equation Group also conducts its activities carefully and precisely, targeting specific actors worldwide.

How does the release of this report affect current operations?

Experts claim this exposure may prove problematic for intelligence-gathering operations against Islamic extremists, Defense One added. However, according to the article, experts also admitted that the revelation will not likely end intelligence-gathering operations. Further, even though its operations have been publicized, the group may still continue using the same methods because those breached may not have the capability to “detect, remediate, and mitigate” the risk posed by the group, the article reported. Furthermore, it is unknown how long it would take to develop the capability to do just that, adds the article. The NSA released a statement refusing to comment directly on the assertions made in Kaspersky’s report; however, it was admitted that allegations such as this always pose a risk to the nation’s security, reports Defense One.

Kaspersky’s full report can be found here.
