Nation-State Actor
Equation Group
United States • Active since 1996
Equation Group is widely assessed to be an NSA hacking team. Its malware includes modules that rewrite hard disk drive firmware, so an implant survives reformatting the disk and reinstalling the operating system. A large set of its tools was leaked by the Shadow Brokers between August 2016 and 2017.
Overview
Equation Group is a highly sophisticated threat actor widely attributed to the NSA. First publicly documented by Kaspersky Lab in February 2015, it developed some of the most advanced malware ever discovered, including the ability to reprogram hard drive firmware from more than a dozen vendors.
Also Known As
EQGRP. (Longhorn and The Lamberts are vendor names for a different US-attributed cluster, the one behind the Vault 7 tooling, and should not be used as aliases for Equation Group.)
Target Industries
Government, Telecom, Aerospace, Energy, Military
Target Regions
Global, with notable concentrations in Iran, Russia, and the Middle East
Tactics, Techniques & Procedures
- Hard drive firmware reprogramming (persistence that survives reformatting and OS reinstallation)
- Air-gap jumping via USB (FANNY uses a hidden storage area on removable media to carry commands in and collected data out)
- Zero-day exploitation
- Covert persistence mechanisms (rootkit-style hiding of implants and their storage)
- Network traffic interception
Known Tools & Malware
EQUATIONDRUG, DOUBLEFANTASY, FANNY, GRAYFISH (implant platforms and malware); EternalBlue (SMBv1 exploit for MS17-010, from the Shadow Brokers leak)
Notable Campaigns
Global Surveillance Operations (1996-2016)
Two decades of sophisticated intelligence collection against government, telecom, aerospace, energy, and military targets worldwide.
Shadow Brokers Leak Aftermath (2017)
The leaked EternalBlue exploit (MS17-010) was reused by the WannaCry ransomware in May 2017 and by the NotPetya wiper in June 2017.
MITRE ATT&CK Techniques
T1542.002 (Pre-OS Boot: Component Firmware), T1091 (Replication Through Removable Media), T1203 (Exploitation for Client Execution), T1014 (Rootkit), T1040 (Network Sniffing)
Defense Recommendations
1. Monitor for use of the leaked Equation Group tools on your network; the leaked exploits and implants have public signatures.
2. Patch the SMBv1 vulnerabilities exploited by EternalBlue (MS17-010) and disable SMBv1 where it is not required.
3. Implement USB device controls to limit removable-media replication.
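The following PowerShell audit is an added example, not code from the original page or from any vendor. It checks a Windows host against recommendations 2 and 3: whether the SMBv1 server protocol is enabled, whether one of the MS17-010 hotfix IDs is installed, and whether the USB mass-storage driver is disabled. The KB list is an assumption about which OS families the host may run; on builds that have received later cumulative updates, the original KB will be absent even though the host is patched, so treat the SMBv1 state as the authoritative result.

```powershell
# Added example: audit one Windows host for EternalBlue exposure and USB controls.
# Run in an elevated PowerShell session on Windows 8/Server 2012 or later.

function Get-EquationExposureReport {
    $report = [ordered]@{}

    # 1. SMBv1 server protocol state: the surface EternalBlue (MS17-010) needs.
    $smb = Get-SmbServerConfiguration
    $report['SMB1Enabled'] = $smb.EnableSMB1Protocol

    # 2. MS17-010 hotfix presence. Assumption: one of these KBs applies to this OS.
    #    Absence is not proof of exposure on hosts with later cumulative updates.
    $ms17010 = 'KB4012212','KB4012213','KB4012214','KB4012215',
               'KB4012216','KB4012217','KB4012598','KB4013429'
    $present = Get-HotFix |
        Where-Object { $ms17010 -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
    $report['MS17010Hotfix'] = if ($present) { $present -join ',' } else { 'none found' }

    # 3. USB mass-storage driver start type: 3 = on demand (enabled), 4 = disabled.
    $usb = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start
    $report['USBSTORDisabled'] = ($usb.Start -eq 4)

    # Overall verdict: exposed to EternalBlue if SMBv1 is on and no MS17-010 KB is present.
    $report['EternalBlueExposed'] = ($smb.EnableSMB1Protocol -and -not $present)

    [pscustomobject]$report
}

Get-EquationExposureReport | Format-List

# Remediation for a host that reports SMB1Enabled = True or USBSTORDisabled = False.
# Uncomment to apply; prefer Group Policy for fleet-wide USB restrictions.
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 4
```

Disabling SMBv1 removes the EternalBlue attack surface regardless of patch state, which is why it is the first remediation line; the USBSTOR start value only blocks the mass-storage driver class, so a policy that also denies execute access from removable media is needed for a full USB control.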