The U.S. has succeeded in embedding virtually untouchable “implants” that are capable of spying on and even damaging foreign computer networks, according to a new report from a Russian cybersecurity company.
Kaspersky Lab says the malicious spyware is the work of a shadow entity called the Equation Group, which has allegedly infiltrated networks in Iran, Russia, Pakistan and Afghanistan. The report says India, China and Syria are some of the other nations with a “high infection rate.”
According to Kaspersky, the implants are different from other cyberattacks in that they directly infect a computer’s firmware — the software that links directly to the hard drive.
This means that the malware is beyond the reach of most antivirus and security products, and is immune to efforts to wipe clean or even replace hard drives, since it can be recalled at will. It also has the ability to unravel a system’s encryption and permanently store data in a hidden area, says Kaspersky.
“It means that we are practically blind and cannot detect hard drives that have been infected by this malware,” said Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team.
“Your computer won’t boot up and you can’t use it,” Andrew Regenscheid of the National Institute of Standards and Technology told the New York Times in an interview, explaining the effect of a firmware infection. “You have to replace the computer to recover from that attack.”