Equation Equation

  • First known sample

  • Discovery

  • Number of targets

  • Current status

  • Type

    Complex cyberattack platform
  • Targeted platforms

  • TOP targeted countries

    Afghanistan , CIS , India , Iran , Lebanon , Mali , Pakistan , Russia , Syria , Yemen
  • Connected attacks


More about the Equation group, its tactics, techniques, procedures and tools

Learn more
  • The way of propagation

    Exploits , Self-replication , USB cables
  • Purpose/Functions

    Cyberespionage , Data wiping , Surveillance
  • Special features

    The ability to infect the hard drive firmware

  • Targets

    Academia/Research , Activists , Aerospace , Diplomatic organizations/embassies , Education , Financial institutions , Government entities , High technology companies , Mass media and TV , Military , Nanotechnology , Nuclear industry , Telecoms , Trade and commerce , Transportation
  • Artefacts/Attribution

    All artifacts are in English, with few Latin words, such as "LUTEUS" and "OBSTOS"

  • Description

    A highly sophisticated threat actor engaged in computer network exploitation operations since at least 2001. They’ve infected thousands of victims throughout the world, including those that represent the government and diplomatic sector, oil and gas industry, and financial and military institutions. They use a powerful set of implants to infect their victims, including one that allows them to reprogram the hard drive firmware of over a dozen different hard drive brands.

    Additional information