{"id":11197,"date":"2015-02-16T00:00:00","date_gmt":"2015-02-16T00:00:00","guid":{"rendered":"http:\/\/localhost\/cyber-operations\/equation-group\/"},"modified":"2015-02-16T00:00:00","modified_gmt":"2015-02-16T00:00:00","slug":"equation-group","status":"publish","type":"post","link":"https:\/\/www.cfr.org\/cyber-operations\/equation-group","title":{"rendered":"Equation Group"},"content":{"rendered":"<p>In 2015, Moscow-based Kaspersky Lab published <a href=\"https:\/\/securelist.com\/blog\/research\/68750\/equation-the-death-star-of-malware-galaxy\/\">a report<\/a> on the Equation Group, a threat actor active <a href=\"https:\/\/securelist.com\/files\/2015\/02\/Equation_group_questions_and_answers.pdf\">since 2001 [PDF]<\/a>. It was responsible for infecting approximately <a href=\"https:\/\/arstechnica.com\/security\/2015\/02\/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last\/\">five hundred systems<\/a> in at least forty-two countries. The malware used by Equation Group had the ability to reprogram hard drives and then self-destruct, which made the operations effectively <a href=\"https:\/\/blog.kaspersky.com\/equation-hdd-malware\/7623\/\">invisible<\/a> and indestructible. Targeted systems ranged from the private to the public sector, from energy departments to military operations to media outlets.<\/p>\n<p>The tools and scope of the Equation Group suggest that it is one of the <a href=\"https:\/\/arstechnica.com\/security\/2015\/02\/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last\/\">most sophisticated threat actors operating in cyberspace<\/a>. Many believe that Equation Group is a state-sponsored entity, such as the U.S. National Security Agency or a joint effort between it and its Five Eyes allies.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In 2015, Moscow-based Kaspersky Lab published a report on the Equation Group, a threat actor active since 2001 [PDF]. It was responsible for infecting approximately five hundred systems in at least forty-two countries. The malware used by Equation Group had the ability to reprogram hard drives and then self-destruct, which made the operations effectively invisible [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_cloudinary_featured_overwrite":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"cyber_operation":[49],"state_sponsor":[183],"victim_category":[63,110],"victim_government_response":[186],"victim":[4,6,31,72,77,89,99,101,106,127,142,161,178,180,193],"class_list":["post-11197","post","type-post","status-publish","format-standard","hentry","category-threat-actor","cyber_operation-espionage","state_sponsor-united-states","victim_category-government","victim_category-military","victim_government_response-unknown","victim-afghanistan","victim-algeria","victim-china","victim-india","victim-iran-islamic-republic-of","victim-kenya","victim-lebanon","victim-libya","victim-mali","victim-pakistan","victim-russian-federation","victim-syrian-arab-republic","victim-united-arab-emirates","victim-united-kingdom","victim-yemen"],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/11197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/comments?post=11197"}],"version-history":[{"count":0,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/11197\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/media?parent=11197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/categories?post=11197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/tags?post=11197"},{"taxonomy":"cyber_operation","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/cyber_operation?post=11197"},{"taxonomy":"state_sponsor","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/state_sponsor?post=11197"},{"taxonomy":"victim_category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_category?post=11197"},{"taxonomy":"victim_government_response","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_government_response?post=11197"},{"taxonomy":"victim","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim?post=11197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}