treewe.blogg.se

Internet worm maker thing tool

For several years, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been closely monitoring more than 60 advanced threat actors responsible for cyber-attacks worldwide. The team has seen nearly everything, with attacks becoming increasingly complex as more nation-states got involved and tried to arm themselves with the most advanced tools. However, only now Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group.

According to Kaspersky Lab researchers the group is unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims.

To infect their victims, the group uses a powerful arsenal of “implants” (Trojans) including the following that have been named by Kaspersky Lab: EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish. Without a doubt there will be other “implants” in existence.

GReAT has been able to recover two modules which allow reprogramming of the hard drive firmware of more than a dozen of the popular HDD brands. This is perhaps the most powerful tool in the Equation group’s arsenal and the first known malware capable of infecting the hard drives.

By reprogramming the hard drive firmware (i.e. rewriting the hard drive’s operating system), the group achieves two purposes:

  • An extreme level of persistence that helps to survive disk formatting and OS reinstallation. If the malware gets into the firmware, it is available to “resurrect” itself forever. It may prevent the deletion of a certain disk sector or substitute it with a malicious one during system boot. “Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware” – warns Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.
  • The ability to create an invisible, persistent area hidden inside the hard drive. It is used to save exfiltrated information which can be later retrieved by the attackers. Also, in some cases it may help the group to crack the encryption: “Taking into account the fact that their GrayFish implant is active from the very boot of the system, they have the ability to capture the encryption password and save it into this hidden area,” explains Costin Raiu.

Ability to retrieve data from isolated networks

The Fanny worm stands out from all the attacks performed by the Equation group. Its main purpose was to map air-gapped networks, in other words – to understand the topology of a network that cannot be reached, and to execute commands to those isolated systems. For this, it used a unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks.

In particular, an infected USB stick with a hidden storage area was used to collect basic system information from a computer not connected to the Internet and to send it to the C&C when the USB stick was plugged into a computer infected by Fanny and having an Internet connection. If the attackers wanted to run commands on the air-gapped networks, they could save these commands in the hidden area of the USB stick. When the stick was plugged into the air-gapped computer, Fanny recognized the commands and executed them.

Classic spying methods to deliver malware

The attackers used universal methods to infect targets: not only through the web, but also in the physical world.











