Hacker News new | ask | show | jobs
Equation Group Tools (github.com)
52 points by 7ero 1028 days ago
3 comments
yding 1028 days ago
Should go without saying to run these only in the most secure sandbox you can find?
link
runnerup 1028 days ago
Absolutely. Though IIRC this leak is 6 years old and has already been reasonably well-studied by a lot of very smart people. I don't think any of these were technically even "zero-days", and I'd expect windows/linux to be patched against them now.

Even at the time these wouldn't have been as severe as "only run on an air gapped computer and burn the computer afterwards". That type of technology wouldn't be part of a leak like this, but given the amount of undocumented opcodes in various silicon (processors, BMC, TPMs, etc) I wouldn't be surprised if it did exist.

link
fullspectrumdev 1028 days ago
A large amount of the leaked files are still poorly documented, particularly the nix stuff.

The Eternal stuff for windows kind of captured everyone’s attention, but a LOT of the older Unix tools were ignored for the most part.

There’s a lot of neat tricks to be learned by reversing them - even today.

link
mjfl 1028 days ago
since these things seem to target individual applications - is this an argument that security through obscurity i.e. writing your own (shitty) servers and such has a security benefit?
link
bediger4000 1028 days ago
Which APT is this?
link
halJordan 1028 days ago
Equation Group was discovered & named in 2015 by kaspersky due to their pervasive use of encryption, kaspersky identified them as actors related to the people who produced stuxnet and flame (which also implicates regin).

They are G0020 in the mitre att&ck framework

link
runnerup 1028 days ago
NSA, part of USA government[0]

0: https://en.wikipedia.org/wiki/Equation_Group

link