February 17, 2015, updated 19 Aug 2016 3:58pm

Researchers unearth possible proto-Stuxnet virus

‘Equation’ group targeted government and industry around the world.

By Jimmy Nicholls

A gang of hackers behind a precursor to the Stuxnet virus has been unearthed by researchers at Kaspersky Lab, a security vendor.

Nicknamed Equation by the firm, the outfit was found exploiting a number of vulnerabilities later used by Stuxnet, and there are indications that the two projects may have been linked.

"The similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the Equation group and the Stuxnet developers are either the same or working closely together," Kaspersky said.

Fanny, a computer worm developed by Equation, utilised two unpatched "zero day" flaws and a privilege escalation bug that Stuxnet also made use of, though Fanny was built some time before Stuxnet was used to attack Iranian nuclear centrifuges.

"As an interesting note, some of the ‘patients zero’ [the first infection targets] of Stuxnet seem to have been infected by the Equation group," Kaspersky added. "It is quite possible that the Equation group malware was used to deliver the Stuxnet payload."

Equation was found to have attacked 500 victims in more than 30 countries around the world, including nations in Europe, the Americas, North Africa and Asia. Targets tended to include important industrial and governmental bodies, as well as the media, finance, and academia, according to the firm.

While the group’s malware was said to surpass even Regin in sophistication, its most notable innovation was the ability to infect hard drive firmware, which was said to exceed anything Kaspersky had previously seen.
