
Chinese Cybersecurity Team Discloses Details of Backdoor Tool of U.S. NSA Equation Group

Published: 2022-02-24 12:59:05       Source: TMTPost (钛媒体)

Image Source: Visual China

BEIJING, February 23 (TMTPOST) — Pangu Lab, a Chinese research team specializing in cybersecurity, has disclosed details of a top-tier backdoor belonging to the Equation Group, a threat actor linked to the United States National Security Agency (NSA), in a blog post on its official website.

The backdoor, codenamed Bvp47, was found in a campaign that Pangu Lab has named “Operation Telescreen”. According to the blog post, the campaign infiltrated 287 targets in 45 countries and regions, including Russia, Japan, Spain and Italy, and used the backdoor as a monitoring tool. The operation has lasted for more than a decade, Pangu Lab said, and at least one victim of the operation was used as a jump server for further attacks.

“The tool is well-designed, powerful, and widely adapted. Its network attack capability equipped by 0day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort,” Pangu Lab said. “The Equation Group is in a dominant position in nation-level cyberspace confrontation.”

The Equation Group, classified as an advanced persistent threat (APT), is a highly sophisticated threat actor suspected of being tied to the Tailored Access Operations (TAO) unit of the NSA.

Pangu Lab extracted a set of advanced backdoors during an in-depth forensic investigation of a host in a key domestic department in 2013, and Bvp47 was among them. The lab cracked the backdoor’s check code and tested its behaviour, concluding that it is a top-tier APT backdoor.

Image Source: Pangu Lab

Pangu Lab’s founder Han Zhengguang said that Operation Telescreen relies on a top-notch backdoor program that allows the Equation Group to move around and acquire information in cyberspace freely.

The Bvp47 backdoor used in Operation Telescreen can attack operating systems including most Linux distributions, AIX, Solaris and SUN. According to Pangu Lab, it exhibits an advanced level of code obfuscation, system hiding, and self-destruction design, and may have existed for nearly 20 years.

Pangu Lab is owned by cybersecurity service provider Qi An Xin Technology (SHA: 688561), which has close ties to software company Qihoo 360. Qihoo 360 sold a 22.59% stake in Qi An Xin to China Electronics Corporation in April 2019.
