
Security researchers from the Beijing-based Pangu Lab say they have uncovered evidence that an advanced backdoor used against targets in 45 countries came from hackers linked to the US National Security Agency (NSA), the unit known as The Equation Group.
The malware, Bvp47, was first found in 2013, when Pangu Lab researchers extracted a set of advanced backdoors (software used for covert remote access and control) from a Linux computer in a department of the Chinese national government.
Now, Pangu Lab researchers say they have been able to conclude that Bvp47 was part of the NSA-linked cyber arsenal of The Equation Group.
Among the Equation Group files leaked by The Shadow Brokers in 2016 and 2017, Pangu Lab found the encrypted private key that is used to remotely trigger the Bvp47 backdoor.
According to Pangu Lab, the Bvp47 backdoor uses “advanced covert channel behavior based on TCP SYN packets, code obfuscation, system obfuscation, and self-destruct design.”
“The tool is well-designed, powerful, and widely applicable. Its network attack capability equipped with 0day vulnerabilities was unstoppable, and its covert-controlled data acquisition was done with little effort,” Pangu Lab said.
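The SYN-packet covert channel mentioned above is the part of Bvp47 a defender can look for on the wire: a SYN that opens a handshake normally carries no data, so a SYN with bytes after the TCP header is a cheap thing to alert on. The Python below is an added example, not code from Pangu Lab's report or from Bvp47 itself. It parses raw IPv4/TCP packets and flags SYN-without-ACK packets that carry a payload. The packet bytes and the "knock" payload are constructed samples, and the assumption that the trigger rides in the SYN's data bytes is ours, not a detail the article states.

```python
"""
Flag TCP SYN packets that carry a payload, a heuristic for packet-knock
triggers of the kind described for Bvp47.  A normal SYN (and SYN/ACK) has no
data; apart from TCP Fast Open, bytes in a SYN from an arbitrary source are
worth an alert.  All packets below are constructed samples, not captured
traffic, and the trigger payload is invented for illustration.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

TCP_SYN, TCP_ACK = 0x02, 0x10


@dataclass
class TcpInfo:
    src: str
    dst: str
    sport: int
    dport: int
    flags: int
    payload_len: int


def parse_ipv4_tcp(frame: bytes) -> Optional[TcpInfo]:
    """Parse an IPv4 packet (no link-layer header) down to TCP flags and payload length."""
    if len(frame) < 20:
        return None
    ver_ihl = frame[0]
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or len(frame) < ihl + 20:      # not TCP, or truncated
        return None
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    tcp = frame[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                   # TCP header length incl. options
    flags = tcp[13]
    # Payload is whatever remains after both headers, bounded by what we actually have.
    payload_len = max(0, min(total_len, len(frame)) - ihl - data_off)
    return TcpInfo(src, dst, sport, dport, flags, payload_len)


def is_syn_knock(info: TcpInfo) -> bool:
    """SYN set, ACK clear, and data after the TCP header: no ordinary handshake starts like that."""
    return bool(info.flags & TCP_SYN) and not (info.flags & TCP_ACK) and info.payload_len > 0


def find_syn_knocks(frames: List[bytes]) -> List[TcpInfo]:
    """Return the parsed details of every frame that looks like a SYN knock."""
    hits = []
    for f in frames:
        info = parse_ipv4_tcp(f)
        if info and is_syn_knock(info):
            hits.append(info)
    return hits


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4+TCP packet for offline parsing (checksums left zero on purpose)."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                         bytes(int(x) for x in src.split(".")),
                         bytes(int(x) for x in dst.split(".")))
    return ip_hdr + tcp_hdr + payload


# Constructed sample traffic: three benign packets and one SYN carrying data.
SAMPLE_FRAMES = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, TCP_SYN),                        # plain SYN
    build_packet("198.51.100.5", "192.0.2.10", 443, 40000, TCP_SYN | TCP_ACK),              # SYN/ACK
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, TCP_ACK, b"GET / HTTP/1.1\r\n"),  # data on an open flow
    build_packet("203.0.113.7", "198.51.100.5", 51234, 80, TCP_SYN, b"\x00" * 8 + b"knock"), # SYN with payload
]

if __name__ == "__main__":
    for hit in find_syn_knocks(SAMPLE_FRAMES):
        print(f"SYN with {hit.payload_len}-byte payload from {hit.src}:{hit.sport} to {hit.dst}:{hit.dport}")
```

The same check can be pushed into a capture filter so you only store the candidates. In tcpdump syntax the classic expression for "TCP segment with data" is `(ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)) != 0`; combine it with `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn` to keep only SYNs that carry bytes. Expect TCP Fast Open clients to trip it, so whitelist those hosts or ports before alerting.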
Security researcher Kevin Beaumont said Bvp47 should make the cybersecurity industry realize how the extended Berkeley Packet Filter (eBPF) can be misused: it can trace user operations on Linux and Windows in full without writing files to disk or otherwise revealing the activity.
Calling Bvp47 “the NSA’s leading backdoor”, Pangu Lab claims it has been used in network intrusions against 287 targets in 45 countries.
However, Western security researchers are raising doubts about Pangu Lab’s findings, with noted cryptographer Matthew Green calling the report puzzling.
Slightly confusing document from Pangu Lab, seems to reverse engineer an NSA backdoor from Shadow Brokers leaks. https://t.co/frogNQJTZ5
— Matthew Green (@matthew_d_green) February 23, 2022
Besides US adversaries such as Russia and China, Bvp47 has also been used against telecommunications operators, universities and military targets in major European countries allied with the United States.
Pangu Lab added that The Equation Group “is the world’s leading cyber attack group” that has a “dominant position in confronting cyberspace at the national level”.