Equation

Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. [1]

ID: G0020
Version: 1.2
Created: 31 May 2017
Last Modified: 29 June 2020

Techniques Used

Domain ID Name Use
Enterprise T1120 Peripheral Device Discovery

Equation has used tools with the functionality to search for specific information about the attached hard drive that could be used to identify and overwrite the firmware.[1]

Enterprise T1480.001 Execution Guardrails: Environmental Keying

Equation has been observed utilizing environmental keying in payload delivery.[2][1]

Enterprise T1564.005 Hide Artifacts: Hidden File System

Equation has used an encrypted virtual file system stored in the Windows Registry.[1]

Enterprise T1542.002 Pre-OS Boot: Component Firmware

Equation is known to have the capability to overwrite the firmware on hard drives from some manufacturers.[1]

References