Kaspersky, the well-known security company, has claimed that a group it calls 'Equation' has been infecting hard drives with firmware-resident malware, and that the group has been active for close to 20 years. Because the malware lives in the drive's firmware rather than in the data stored on the disk, antivirus software cannot see it and ordinary clean-up does not remove it; Kaspersky's view is that the only sure way to get rid of it is to physically destroy the drive. Kaspersky detailed the finding in a blog post, saying that the Equation group, which uses techniques 'similar' to those of US intelligence agencies, has infected drives from almost all the major manufacturers.
The hard drives that could be affected include those from well-known manufacturers such as Seagate, Western Digital and Samsung.
The Kaspersky Lab blog post said that this sophisticated attack targeted victims in countries including Russia, China, Afghanistan, India and Pakistan. The report also claimed that the encryption techniques used by the Equation group bore a striking similarity to NSA techniques described in documents leaked in 2013.
The firmware malware works in two ways. Once it reaches a drive, it reprograms the drive's firmware and creates hidden sectors and partitions that can only be reached through a secret API (application programming interface). Once it has taken hold, formatting, repartitioning and antivirus scans cannot remove it: those operations only touch the data areas of the disk, while the malware lives in the drive controller's firmware.
Kaspersky's researchers said that malware of this kind had previously existed only in theory and in research; this is the first time it has been seen in practice, fully and meticulously implemented.
Kaspersky says that hard drive vendors rely on the ATA command set, which is publicly documented, and that the Equation group exploited these commands and the drives' firmware architecture to reprogram them. The malware platforms that carry the firmware-reprogramming module are named 'EquationDrug' and 'GrayFish'.
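The host talks to a drive through the same ATA command interface the report describes, so the simplest thing a practitioner can do is ask the drive to identify itself and note the firmware revision it reports. The program below is an added example, not code from Kaspersky's report or from the article: it sends ATA IDENTIFY DEVICE through the Linux SG_IO pass-through ioctl (the device path, e.g. /dev/sda, is an assumption of the example) and decodes the model, serial and firmware strings. The important caveat is in the code comments: every byte of that answer is generated by the drive's own firmware, so a drive whose firmware has been reprogrammed can report whatever it likes, and a query like this proves nothing about the drive's integrity.

```c
/* Added example: query a drive's ATA IDENTIFY DEVICE block via Linux SG_IO and
 * decode its identity strings. Caveat: the reply is produced by the drive's
 * firmware, so reprogrammed firmware can report any revision string it wants.
 * Build: cc -Wall -o ata_identify ata_identify.c   Run: sudo ./ata_identify /dev/sda */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Word offsets in the 256-word IDENTIFY DEVICE block (ATA command set). */
#define ATA_ID_SERIAL_WORD  10   /* words 10-19: 20-char serial number    */
#define ATA_ID_FW_WORD      23   /* words 23-26: 8-char firmware revision */
#define ATA_ID_MODEL_WORD   27   /* words 27-46: 40-char model number     */
#define ATA_ID_WORDS       256

struct ata_identity {
    char serial[21];
    char firmware[9];
    char model[41];
};

/* ATA strings keep the first character of each pair in bits 15:8 of the word,
 * so read as little-endian words they arrive byte-swapped. Undo the swap and
 * strip the space padding the spec requires. */
void ata_string_unpack(const uint16_t *words, size_t nwords, char *out)
{
    size_t i;
    for (i = 0; i < nwords; i++) {
        out[2 * i]     = (char)(words[i] >> 8);
        out[2 * i + 1] = (char)(words[i] & 0xFF);
    }
    out[2 * nwords] = '\0';
    for (i = 2 * nwords; i > 0 && out[i - 1] == ' '; i--)
        out[i - 1] = '\0';
}

/* Inverse of ata_string_unpack; used only to build constructed sample data. */
void ata_string_pack(const char *s, size_t nwords, uint16_t *words)
{
    size_t len = strlen(s), i;
    for (i = 0; i < nwords; i++) {
        unsigned char hi = 2 * i     < len ? (unsigned char)s[2 * i]     : ' ';
        unsigned char lo = 2 * i + 1 < len ? (unsigned char)s[2 * i + 1] : ' ';
        words[i] = (uint16_t)((hi << 8) | lo);
    }
}

/* Decode the three identity strings from a raw IDENTIFY DEVICE block. */
void ata_identify_parse(const uint16_t id[ATA_ID_WORDS], struct ata_identity *out)
{
    ata_string_unpack(&id[ATA_ID_SERIAL_WORD], 10, out->serial);
    ata_string_unpack(&id[ATA_ID_FW_WORD],      4, out->firmware);
    ata_string_unpack(&id[ATA_ID_MODEL_WORD],  20, out->model);
}

/* Constructed sample block (not a real drive) so the parser can be exercised offline. */
void build_sample_identity(uint16_t id[ATA_ID_WORDS])
{
    memset(id, 0, ATA_ID_WORDS * sizeof(uint16_t));
    ata_string_pack("CONSTRUCTED-SN-01",           10, &id[ATA_ID_SERIAL_WORD]);
    ata_string_pack("AB12CD34",                      4, &id[ATA_ID_FW_WORD]);
    ata_string_pack("Constructed Sample Drive 2TB", 20, &id[ATA_ID_MODEL_WORD]);
}

#ifdef __linux__
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <scsi/sg.h>

/* Issue IDENTIFY DEVICE (0xEC) inside a SCSI ATA PASS-THROUGH(12) CDB over SG_IO.
 * Returns 0 and fills id[] on success, -1 on failure. */
int ata_identify_device(const char *dev, uint16_t id[ATA_ID_WORDS])
{
    unsigned char cdb[12] = {
        0xA1,             /* ATA PASS-THROUGH (12)                                    */
        0x08,             /* protocol 4 = PIO Data-In, in bits 4:1                    */
        0x0E,             /* T_DIR=from device, BYT_BLOK=1, T_LENGTH=sector count     */
        0x00, 0x01,       /* features; sector count = one 512-byte block              */
        0x00, 0x00, 0x00, /* LBA low/mid/high                                         */
        0x00, 0xEC,       /* device; command = IDENTIFY DEVICE                        */
        0x00, 0x00
    };
    unsigned char sense[32];
    sg_io_hdr_t io;
    int fd = open(dev, O_RDONLY | O_NONBLOCK), rc;
    if (fd < 0)
        return -1;
    memset(&io, 0, sizeof io);
    io.interface_id = 'S';           io.cmd_len = sizeof cdb;   io.cmdp = cdb;
    io.dxfer_direction = SG_DXFER_FROM_DEV;
    io.dxfer_len = ATA_ID_WORDS * 2; io.dxferp = id;
    io.sbp = sense;                  io.mx_sb_len = sizeof sense;
    io.timeout = 5000;               /* milliseconds */
    rc = ioctl(fd, SG_IO, &io);
    close(fd);
    return (rc < 0 || (io.info & SG_INFO_OK_MASK) != SG_INFO_OK) ? -1 : 0;
}
#endif

int main(int argc, char **argv)
{
    uint16_t id[ATA_ID_WORDS];
    struct ata_identity ident;
    if (argc < 2) { fprintf(stderr, "usage: %s /dev/sdX\n", argv[0]); return 2; }
#ifdef __linux__
    if (ata_identify_device(argv[1], id) != 0) { perror("IDENTIFY DEVICE failed"); return 1; }
#else
    build_sample_identity(id);       /* no SG_IO here: fall back to the constructed block */
#endif
    ata_identify_parse(id, &ident);
    printf("model: %s\nserial: %s\nfirmware: %s\n", ident.model, ident.serial, ident.firmware);
    puts("note: reported by the drive firmware itself; not evidence that the firmware is genuine");
    return 0;
}
```

Run against a real drive this needs root (or CAP_SYS_RAWIO) and a drive reachable through the SCSI layer (SATA via libata qualifies); on other systems it only decodes the constructed sample. Treat the output as an inventory value to compare against a vendor-published revision, never as an integrity check: the whole point of a firmware-resident implant is that it answers these queries itself.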