Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label NSA Equation Group. Show all posts

A U.S. Group Hacked Top Research Institutes in India, Russia and China

 

According to a new report from a Beijing-based cybersecurity firm, hackers associated with the United States National Security Agency (NSA) were discovered to have inserted "covert backdoors" that could have given them access to sensitive information in dozens of countries, including India, Russia, China, and Japan. According to the report, it is getting traction in China's media after the country was accused with cyber hacking by the US. 

China's cyber-attacks target sensitive data stored by US institutions. It has become a thorn on the side of bilateral relations between the US and China. On the other side, Indian organisations believe that China hacks into sensitive data from government agencies and institutions. 

The National Security Agency (NSA) is a United States Department of Defense national-level intelligence agency that reports to the Director of National Intelligence (DNI). The NSA is in charge of worldwide information and data monitoring, gathering, and processing for foreign and domestic intelligence and counterintelligence purposes, specialised in a field known as signals intelligence (SIGINT). The NSA is also in charge of protecting the United States' communication networks and information systems. 

Among the allegedly hijacked websites named in the report were those associated with one of India's leading microbial research labs, the Institute of Microbial Technology (IMTech) under the Council of Scientific and Industrial Research, as well as the Indian Academy of Sciences in Bengaluru. Websites associated with the Banaras Hindu University were also reported to have been hacked.

Pangu Lab, a Beijing-based cybersecurity firm, published a technical study outlining how it discovered the backdoors and linked them to "unique IDs in the operating manuals of the NSA" discovered in the 2013 leak of NSA documents by insiders. 

According to the Chinese firm, in 2013, CIA analyst Edward Snowden leaked very relevant NSA files. Because they reveal the NSA's unique IDs. The company discovered a key that unlocks a backdoor Bvp47. It is a hacking tool created in partnership with the National Security Agency by The Equation Group. It also led to the detection of a number of similar cyberattacks that used the same unique IDs as the NSA platform. 

According to the report, which outlined how the backdoor operated, this was a backdoor communication technology that has never been seen before, indicating an organisation with considerable technological capabilities behind it. “As an advanced attack tool, Bvp47 has allowed the world to see its complexity,” it said. “What is shocking is that after analysis, it has been realised that it may have existed for more than 10 years.”

Researchers Disclosed Details of NSA Equation Group’s Bvp47 Backdoor

 

Pangu Lab researchers have revealed information of a Linux top-tier APT backdoor dubbed as Bvp47, which is linked to the US National Security Agency (NSA) Equation Group. 

The term "Bvp47" is derived from several references to the string "Bvp" and the numerical figure "0x47" used in the encryption algorithm. The Bvp47 backdoor was first identified in 2013 during a forensic examination into a security breach at a Chinese government entity. The backdoor was discovered on Linux computers after an in-depth forensic assessment of a host in a key domestic department, according to the experts. The malware seemed to be a top-tier APT backdoor, but to further investigate the malicious code needed the attacker’s asymmetric encrypted private key to activate the remote control function.

The hacking group, The Shadow Brokers disclosed a trove of data reportedly taken from the Equation Group in 2016 and 2017, including a slew of hacking tools and exploits. The hackers disclosed a new dump at the end of October 2016, this time featuring a list of systems compromised by the NSA-linked Equation Group. The Bvp47 backdoor was identified by Pangu Lab researchers within material exposed by The Shadow Brokers. In ten years, the Equation Group attacked over 287 targets in 45 countries, including Russia, Japan, Spain, Germany, and Italy, according to stolen data. 

Governments, telecommunications, aircraft, energy, financial institutions, nuclear research, oil and gas, military, transportation, and companies researching encryption technologies were among the industries targeted by the group. The attacks involving the Bvp47 backdoor have been termed "Operation Telescreen" by Pangu Lab. The malicious code was created to allow operators to gain long-term control over compromised devices. 

The report published by the experts stated, “The implementation of Bvp47 includes complex code, segment encryption and decryption, Linux multi-version platform adaptation, rich rootkit anti-tracking techniques, and most importantly, it integrates advanced BPF engine used in advanced covert channels, as well as cumbersome communication encryption and decryption process”  

Experts believe there was no security against the backdoor's network attack capacity, which is loaded with zero-day vulnerabilities. The Pangu Lab research covers technical specifics about the backdoor as well as information about the Equation Group's relationship with the US National Security Agency. The Equation Group's engagement is based on exploits found in the encrypted archive file "eqgrp-auction-file.tar.xz.gpg" released by the Shadow Brokers following a failed 2016 auction.