The Most Sophisticated Malware Yet?
The malware from the Equation Group that has modified hard drive firmware is perhaps the most sophisticated cyberattack tool invented, according to Kaspersky Lab's Global Research and Analysis Team, or GReAT.
Moscow-based Kaspersky, in its Feb. 16 report on the attack, called the Equation Group "a threat actor that surpasses anything known in terms of complexity and sophistication of techniques."
The Equation Group's sophistication and the technology used in the hard drive firmware attack suggest the group is closely related to the developers of Stuxnet and Flame, two other powerful cyberattacks generally attributed to the National Security Agency, according to Kaspersky.
Such speculation is also fed by a map of known targets of the attack published by Kaspersky that shows Iran, Russia, Pakistan, Afghanistan, India, China, Syria and Mali as countries with the highest infection rates.
The attack on hard drive firmware comes from two modules, Kaspersky reported.
The modules create an "invisible, persistent area hidden inside the hard drive" which can be used to save data from the drive that can be later retrieved by attackers, and which may also aid in the decryption of data on the drive, Kaspersky said.
They appear to take advantage of another Equation Group technology dubbed GrayFish to capture encryption passwords and save them in the disk's hidden area.
The cyberattack, once it gets into the hard drive firmware, can survive disk reformatting and operating system reinstallation, Kaspersky said in the report.
The persistence of the malware stems from the ability to prevent the deletion of a certain disk sector or substitute a sector with malicious code during system boot, Kaspersky said. Also, the firmware of a drive infected with the malware cannot be scanned.
"It means that we are practically blind, and cannot detect hard drives that have been infected by this malware," the company said.
This article originally appeared as an exclusive on the CRN Tech News App for iOS and Windows 8.