A gang of hackers behind a precursor to the Stuxnet virus has been unearthed by researchers at Kaspersky Lab, a security vendor.
Nicknamed Equation by the firm, the outfit was found exploiting a number of vulnerabilities later used by Stuxnet, and there are indications that the two projects may have been linked.
"The similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the Equation group and the Stuxnet developers are either the same or working closely together," Kaspersky said.
Fanny, a computer worm developed by Equation, utilised two unpatched "zero day" flaws and a privilege escalation bug that Stuxnet also made use of, though Fanny was built some time before Stuxnet was used to attack Iranian nuclear centrifuges.
"As an interesting note, some of the ‘patients zero’ [the first infection targets] of Stuxnet seem to have been infected by the Equation group," Kaspersky added. "It is quite possible that the Equation group malware was used to deliver the Stuxnet payload."
Equation was found to have attacked 500 victims in more than 30 countries around the world, including nations in Europe, the Americas, North Africa and Asia. Targets tended to include important industrial and governmental bodies, as well as the media, finance, and academia, according to the firm.
While the group’s malware was said to surpass even Regin in sophistication, its most notable innovation was the ability infect hard drive firmware, which was said to exceed anything Kaspersky had previously seen.
