Chinese researchers attribute 'top-tier' backdoor to NSA Equation Group

Not everyone's convinced.

Security researchers at Beijing-based Pangu Lab say they have uncovered evidence that an advanced backdoor used against targets in 45 countries originates from The Equation Group, the hacking group linked to the United States National Security Agency (NSA).

The malware, Bvp47, was first found in 2013, when Pangu Lab researchers extracted a set of advanced backdoors (software used for covert remote access and control) from a Linux computer in a Chinese domestic government department.

Now the Pangu Lab researchers say they have been able to conclude that Bvp47 was part of the cyber arsenal of the NSA-linked Equation Group.

Among the Equation Group hacking files leaked by The Shadow Brokers in 2016 and 2017, Pangu Lab found the encrypted private key used to remotely trigger the Bvp47 backdoor.

The Bvp47 backdoor uses "advanced covert channel behaviour based on TCP SYN packets, code obfuscation, system hiding, and self-destruction design," Pangu Lab wrote.

"The tool is well-designed, powerful, and widely adapted. Its network attack capability equipped by 0day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort," Pangu Lab said.
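The article only says the covert channel rides on TCP SYN packets. A cheap heuristic a defender can run over captured traffic, added here as an example and not code from the article or from Pangu Lab's report, is to flag SYN packets (SYN set, ACK clear) that carry a payload, since an ordinary connection-opening SYN carries none. The packets below are constructed inline with a minimal IPv4/TCP builder (no checksums) so the check runs offline; the threshold of "any payload at all" is an assumption, and hosts using TCP Fast Open will legitimately produce SYNs with data, so treat a hit as a lead to investigate rather than proof of a knock packet.

```python
"""Flag TCP SYN packets that carry a payload (added example, not from the article)."""
import struct
from dataclasses import dataclass
from typing import List, Optional

SYN, ACK = 0x02, 0x10


@dataclass
class SynFinding:
    src: str
    dst: str
    dport: int
    payload_len: int


def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int,
                   flags: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4+TCP packet for testing; checksums left at zero."""
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    # IPv4 header: ver/ihl, tos, total length, id, frag, ttl, proto (6 = TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, _ip(src), _ip(dst))
    return ip + tcp


def parse_syn_with_payload(pkt: bytes) -> Optional[SynFinding]:
    """Return a finding if pkt is a bare SYN (no ACK) carrying TCP payload bytes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6 or len(pkt) < ihl + 20:      # not TCP, or truncated
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    tcp = pkt[ihl:total_len]
    _sport, dport = struct.unpack("!HH", tcp[0:4])
    data_offset = (tcp[12] >> 4) * 4            # header length incl. options
    flags = tcp[13]
    if flags & SYN and not flags & ACK:
        payload_len = len(tcp) - data_offset
        if payload_len > 0:
            return SynFinding(src, dst, dport, payload_len)
    return None


def scan(packets: List[bytes]) -> List[SynFinding]:
    """Run the heuristic over a list of raw IPv4 packets."""
    findings = []
    for pkt in packets:
        finding = parse_syn_with_payload(pkt)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample traffic: three benign packets and one SYN carrying 16 data bytes.
SAMPLE_PACKETS = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40000, 22, SYN),                 # ordinary SYN
    build_ipv4_tcp("10.0.0.9", "10.0.0.5", 22, 40000, SYN | ACK),           # SYN-ACK
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40001, 443, 0x18,
                   b"GET / HTTP/1.0\r\n\r\n"),                               # PSH-ACK with data
    build_ipv4_tcp("198.51.100.7", "10.0.0.9", 40002, 80, SYN,
                   bytes(range(16))),                                        # SYN with payload
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_PACKETS):
        print(f"SYN with {hit.payload_len} payload bytes: {hit.src} -> {hit.dst}:{hit.dport}")
```

On real captures, feed the raw IPv4 frames (for example from a pcap reader) into `scan()` and then inspect the flagged payloads; an encrypted or high-entropy blob in a SYN to a port that is otherwise closed is the pattern worth escalating.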

Security researcher Kevin Beaumont said Bvp47 shows the cybersecurity industry should realise the significance of misuse of the extended Berkeley Packet Filter (eBPF), which can be used to fully trace user operations on Linux and Windows without writing files to disk or other revealing behaviour.

Labelling Bvp47 a "top-tier backdoor of NSA", Pangu Lab said it was used for network intrusion attacks on more than 287 targets in 45 countries.

However, Western security researchers are casting doubt on Pangu Lab's findings, with noted cryptographer Matthew Green calling the report confusing.

Apart from US adversaries such as Russia and China, Bvp47 was also used against telcos, academia and military targets in key Western-allied European nations.

Pangu Lab added that The Equation Group "is the world's leading cyber-attack group" which is in a "dominant position in national-level cyberspace confrontation."

Copyright © iTnews.com.au . All rights reserved.