Group: Equation

From ATT&CK
Equation (Group)
ID: G0020
Aliases: Equation

Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives.[1]

Techniques Used

  • Component Firmware - The Equation group is known to have the capability to overwrite the firmware on hard drives from some manufacturers.[1]
  • Peripheral Device Discovery - Equation contains functionality to search for specific information about the attached hard drive that could be used to identify and overwrite the firmware.[1]