A new cybersecurity industry report from Kaspersky Lab has revealed that a sophisticated group, which the researchers call the Equation Group, has been infecting government, university and enterprise computer networks with malware that has been widely attributed to the National Security Agency. The security firm described the campaign as something “that exceeds anything we have ever seen before,” noting that the malware is modular, highly flexible and extremely hard to detect; one module can reprogram hard-drive firmware so that an infection survives disk wipes and operating-system reinstalls.
The organization behind the malware
Researchers also found that the group’s toolkit is connected to Stuxnet, the computer worm that sabotaged Iran’s uranium-enrichment centrifuges and was discovered in 2010: two zero-day exploits used by the group’s Fanny worm were later used by Stuxnet. Stuxnet was subsequently reported to be a joint U.S.-Israeli project. More telling still, according to the report, one of the group’s keylogger modules carries the internal name GROK, which matches the codename of a keylogger listed in the classified NSA files leaked by former contractor Edward Snowden.
This malware is scary, but nothing new
While the findings of the report are alarming, this is just the latest in a string of incidents in which state-grade malware has been used for corporate espionage. Hackers backed by China have stolen files containing business plans from power plants, and Russian cyberspies have infected the corporate networks of oil and gas companies. The researchers behind the report stopped short of attributing the Equation Group to any particular government, but the victim list says a lot about its interests: the group has compromised Chinese hospitals, Iranian banks and aerospace companies, Russian universities, rocket-science research institutes, military facilities and even Pakistani government agencies.
The group used the malware to log keystrokes on enterprise machines and to steal documents using legitimate, harvested credentials, so the file access looks like ordinary user activity. In one case described in the report, the malware was configured to search specifically for shipping contracts and inventory price lists related to oil sales.
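Because the documents are read with valid credentials, authentication logs look clean; what gives this kind of targeted collection away is an account reading an unusual number of sensitive files in a short time. The following is an added example, not code from the page or from the report, showing one way to detect that pattern over file-access audit records. The log format, the keyword list and the sample records are all constructed for the example; the threshold and window would need tuning against a real baseline.

```python
"""Flag accounts that read many sensitive documents in a short window.

Added example (not from the page or the Kaspersky report). Audit records are
assumed to look like "<ISO timestamp> <account> <READ|WRITE> <path>"; the
keyword list mirrors the targeting described in the article (shipping
contracts, inventory price lists) and is an assumption, not an indicator
from the report.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records (not real data).
SAMPLE_LOG = """\
2015-02-16T09:00:01 jdoe READ /shares/sales/2014_shipping_contract_A.docx
2015-02-16T09:00:03 jdoe READ /shares/sales/oil_price_list_q4.xlsx
2015-02-16T09:00:04 jdoe READ /shares/sales/inventory_2014.xlsx
2015-02-16T09:00:06 jdoe READ /shares/sales/shipping_contract_B.docx
2015-02-16T09:00:09 jdoe READ /shares/sales/crude_price_list_jan.xlsx
2015-02-16T09:00:11 jdoe READ /shares/sales/shipping_contract_C.docx
2015-02-16T09:00:12 jdoe WRITE /tmp/staging.bin
2015-02-16T09:15:00 asmith READ /shares/sales/oil_price_list_q4.xlsx
2015-02-16T11:30:00 asmith READ /shares/sales/shipping_contract_A.docx
2015-02-16T14:02:00 asmith READ /shares/hr/holiday_schedule.pdf
2015-02-16T14:05:00 bwong READ /shares/sales/2014_shipping_contract_A.docx
"""

# Assumed keyword list; matched case-insensitively against the file name only.
SENSITIVE_KEYWORDS = ("contract", "price_list", "inventory", "shipping")

LINE_RE = re.compile(r"^(\S+) (\S+) (READ|WRITE) (\S+)$")


def parse_line(line):
    """Parse one audit record; return (timestamp, account, action, path) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, account, action, path = m.groups()
    return datetime.fromisoformat(ts), account, action, path


def is_sensitive(path, keywords=SENSITIVE_KEYWORDS):
    """True if the file name contains any of the sensitive keywords."""
    name = path.rsplit("/", 1)[-1].lower()
    return any(k in name for k in keywords)


def find_bulk_readers(log_text, window=timedelta(minutes=10), threshold=5,
                      keywords=SENSITIVE_KEYWORDS):
    """Return {account: peak distinct sensitive documents read in any window}
    for every account whose peak reaches the threshold.

    Uses a sliding window over each account's sensitive READ events, so a
    slow, spread-out reader (asmith below) stays under the threshold while
    a rapid sweep (jdoe) is flagged.
    """
    reads = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, account, action, path = rec
        if action == "READ" and is_sensitive(path, keywords):
            reads[account].append((ts, path))

    flagged = {}
    for account, events in reads.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Advance the window start until the window fits.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({p for _, p in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[account] = peak
    return flagged


if __name__ == "__main__":
    for account, count in find_bulk_readers(SAMPLE_LOG).items():
        print(f"ALERT: {account} read {count} sensitive documents within 10 minutes")
```

On the constructed records only jdoe is flagged (six distinct sensitive documents in a few seconds); asmith touches the same kind of files but hours apart, and bwong reads one. The point is that credentials alone are not the signal; access volume and pattern per account are, and the threshold must be set from what normal users in the environment actually do.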
To defend against malware of this kind reaching their networks, many companies have adopted layered security rather than relying on a single control. Faronics Anti-Virus protects multiple endpoints and combines several strategies, including Web filtering, firewalls, anti-rootkit and anti-spyware, to protect against attackers and keep important information and systems safe.