SANS ISC: InfoSec Handlers Diary Blog

A Different Kind of Equation

Published: 2015-02-17
Last Updated: 2015-02-17 10:37:04 UTC
by Rob VandenBrink (Version: 1)
3 comment(s)

Both the mainstream media and the security media are abuzz with Kaspersky's disclosure of their research on the "Equation" group and its associated malware. You can find the original blog post here: http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

But if you want some real detail, check out the Q&A document that goes with this post: http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

The Q&A has far more detail, and it is sobering to see that this group of malware goes all the way back to 2001 and includes code to map disconnected networks (using USB keys for C&C, as Stuxnet did), as well as the disk firmware component that is everyone's headline today.

The PDF also includes Indicators of Compromise, which we can use to identify whether our organizations or clients are affected. The DNS IoCs in particular are easy to put to use, either as checks against DNS query logs or as black-hole entries.
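As an added example (not part of this diary and not code from Kaspersky's report), here is the two uses of a DNS indicator list described above, worked through in Python: scan BIND-style DNS query logs for exact or subdomain matches against the list, report which internal clients asked for each indicator, and emit BIND Response Policy Zone (RPZ) records that black-hole the same names. Every domain and log line below is a constructed placeholder; a real deployment would load the domains from the vendor's PDF instead.

```python
"""
Added example (not from the ISC diary or the Kaspersky report): match a DNS
indicator list against DNS query logs, then emit black-hole (RPZ) entries.
All domains and log lines below are constructed placeholders, not real IoCs.
"""
import re
from collections import defaultdict

# Constructed placeholder indicator list; replace with the domains published
# in the vendor PDF.
IOC_DOMAINS = [
    "c2-placeholder-one.test",
    "update.c2-placeholder-two.test",
]

# Constructed sample lines in BIND 9 query-log format.
SAMPLE_DNS_LOG = """\
17-Feb-2015 10:01:02.123 client 10.0.0.15#53211: query: www.example.com IN A + (10.0.0.1)
17-Feb-2015 10:01:05.456 client 10.0.0.22#40122: query: c2-placeholder-one.test IN A + (10.0.0.1)
17-Feb-2015 10:01:09.789 client 10.0.0.22#40123: query: beacon.c2-placeholder-one.test IN TXT + (10.0.0.1)
17-Feb-2015 10:02:11.000 client 10.0.0.31#51000: query: notc2-placeholder-one.test IN A + (10.0.0.1)
17-Feb-2015 10:02:30.500 client 10.0.0.40#51001: query: update.c2-placeholder-two.test IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name):
    """Lower-case and strip a trailing dot so 'Foo.TEST.' and 'foo.test' compare equal."""
    return name.rstrip(".").lower()


def matching_indicator(qname, iocs):
    """Return the indicator that qname equals or is a subdomain of, else None.

    The '.' + ioc check means 'notc2-placeholder-one.test' does NOT match
    'c2-placeholder-one.test', which a plain endswith() would get wrong.
    """
    q = normalize(qname)
    for ioc in iocs:
        i = normalize(ioc)
        if q == i or q.endswith("." + i):
            return i
    return None


def scan_dns_log(log_text, iocs):
    """Map each matched indicator to the sorted list of client IPs that queried it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or a format we do not parse)
        ioc = matching_indicator(m.group("qname"), iocs)
        if ioc:
            hits[ioc].add(m.group("src"))
    return {k: sorted(v) for k, v in hits.items()}


def rpz_records(iocs):
    """Build RPZ records that black-hole each indicator and all its subdomains.

    In an RPZ zone, 'CNAME .' makes the resolver answer NXDOMAIN for the name.
    These records go inside an RPZ zone that already has its SOA/NS records.
    """
    lines = []
    for ioc in iocs:
        i = normalize(ioc)
        lines.append(f"{i} CNAME .")
        lines.append(f"*.{i} CNAME .")
    return lines


if __name__ == "__main__":
    for ioc, clients in scan_dns_log(SAMPLE_DNS_LOG, IOC_DOMAINS).items():
        print(f"{ioc}: queried by {', '.join(clients)}")
    print("\n".join(rpz_records(IOC_DOMAINS)))
```

The subdomain check is the part most often done wrong: matching on a bare suffix would flag an unrelated name that merely ends in the same characters, and skipping subdomains would miss a beacon hostname under a listed parent. The RPZ output assumes the resolver is BIND with a response-policy zone configured; for other resolvers the same list maps onto their sinkhole or blocklist syntax.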

===============
Rob VandenBrink
Metafore

Keywords: Equation Kaspersky