Security Researchers Find Unexpected Weakness in Equation Malware
NEWS ANALYSIS: Experts from Kaspersky Lab say their analysis of the Equation Group's malware confirms its state-sponsored origins, but with an unexpected weakness.
The Equation Group malware that Kaspersky Lab revealed earlier this year may be the most advanced malware the company has ever seen, according to one of the lab's top security technology experts. The expert, Costin Raiu, Director of Kaspersky's Global Research and Analysis team, said that the analysis also confirms suspicions that the group that created it is state-sponsored. The telltale signs include date stamps showing that major development steps, such as compiling the code, took place between 9 a.m. and 5 p.m. Eastern Standard Time, and that those steps were carried out only on weekdays, something typical of government employees. He also said that the level of sophistication, including the ability to use plug-ins, indicates capabilities far beyond those of cyber-criminals. Raiu said that his team kept track of the exact days on which those steps took place, but did not check whether the developers avoided public holidays.
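The working-hours check described above can be reproduced over a set of samples as follows. This is an added example, not Kaspersky's tooling: it assumes the date stamps are the TimeDateStamp field of a Windows PE file's COFF header, and the sample images, the holiday set and all function names are constructed for illustration.

```python
import struct
from datetime import date, datetime, timedelta, timezone

UTC = timezone.utc
EST = timezone(timedelta(hours=-5), "EST")  # fixed offset: the article names Eastern Standard Time

def make_sample_image(when_utc):
    """Constructed input: 64-byte DOS stub + PE signature + 20-byte COFF header."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C points to 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(when_utc.timestamp()), 0, 0, 0xE0, 0x0102)
    return dos + b"PE\x00\x00" + coff

def compile_time(image):
    """Return the COFF TimeDateStamp as an aware UTC datetime."""
    if len(image) < 64 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)  # after Machine, NumberOfSections
    return datetime.fromtimestamp(stamp, tz=UTC)

def workday_profile(images, tz=EST, start=9, end=17, holidays=frozenset()):
    """Count build stamps that fall inside a weekday start..end window in tz."""
    local = [compile_time(i).astimezone(tz) for i in images]
    in_window = [t for t in local if t.weekday() < 5 and start <= t.hour < end]
    return {
        "samples": len(local),
        "in_window": len(in_window),
        "weekend": sum(t.weekday() >= 5 for t in local),
        # The step the article says was not checked: window hits on public holidays.
        "on_holiday": sum(t.date() in holidays for t in in_window),
    }

# Constructed build times (UTC); the last one falls on US Memorial Day 2008.
SAMPLES = [make_sample_image(datetime(*d, tzinfo=UTC)) for d in [
    (2008, 3, 4, 14, 30), (2008, 3, 5, 21, 45), (2008, 3, 6, 21, 59),
    (2008, 3, 7, 18, 10), (2008, 3, 8, 3, 0), (2008, 3, 10, 15, 5),
    (2008, 5, 26, 15, 0),
]]

if __name__ == "__main__":
    print("EST:", workday_profile(SAMPLES, holidays={date(2008, 5, 26)}))
    print("UTC:", workday_profile(SAMPLES, tz=UTC))
```

Comparing the same samples against other offsets shows how strongly the window fits one time zone. The header field is written by the linker and can be altered, so the profile is supporting evidence rather than proof.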
But the Kaspersky team also found a few new insights that show there is still a lot to learn about the Equation malware, which is sometimes called "EquationDrug."