Equation

  • First known sample

    2002
  • Discovery

    2014
  • Number of targets

    100-1000
  • Current status

    Active
  • Type

    Complex cyberattack platform
  • Targeted platforms

    Windows
  • TOP targeted countries

    Afghanistan, CIS, India, Iran, Lebanon, Mali, Pakistan, Russia, Syria, Yemen
  • Connected attacks

  • The way of propagation

    Exploits, Self-replication, USB cables
  • Purpose/Functions

    Cyberespionage, Data wiping, Surveillance
  • Special features
    The ability to infect the hard drive firmware
  • Targets

    Academia/Research, Activists, Aerospace, Diplomatic organizations/embassies, Education, Financial institutions, Government entities, High technology companies, Mass media and TV, Military, Nanotechnology, Nuclear industry, Telecoms, Trade and commerce, Transportation
  • Artefacts/Attribution
    All artifacts are in English, with a few Latin words, such as "LUTEUS" and "OBSTOS"
  • Description

    A highly sophisticated threat actor engaged in computer network exploitation operations since at least 2001. They’ve infected thousands of victims throughout the world, including those that represent the government and diplomatic sector, oil and gas industry, and financial and military institutions. They use a powerful set of implants to infect their victims, including one that allows them to reprogram the hard drive firmware of over a dozen different hard drive brands.
