Equation

Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. [1]

ID: G0020
Version: 1.1

Techniques Used

Domain | ID | Name | Use
Enterprise | T1109 | Component Firmware | Equation is known to have the capability to overwrite the firmware on hard drives from some manufacturers. [1]
Enterprise | T1480 | Execution Guardrails | Equation has been observed utilizing environmental keying in payload delivery. [2][1]
Enterprise | T1120 | Peripheral Device Discovery | Equation has used tools with the functionality to search for specific information about the attached hard drive that could be used to identify and overwrite the firmware. [1]

References