Equation Group

🔴 High
Also known as: Tilded Team, EQGRP, G0020, Housefly, Remsec, 方程式 - APT-C-40

🌍 Country United States
⚡ Risk Level High
🎯 Incident Type Espionage
Targeted Sectors: Government, Military

Introduction

The Equation Group is a highly sophisticated threat actor described by its discoverers at Kaspersky Lab as one of the most sophisticated cyber attack groups in the world, operating alongside, but always from a position of superiority over, the creators of Stuxnet and Flame.

Activities and Tactics

Targeted Sectors: Government, Military

Country of Origin: 🇺🇸 United States

Risk Level: High

Incident Type: Espionage

Suspected Victims: Iran, Afghanistan, Syria, Yemen, Kenya, Russia, India, Mali, Algeria, United Kingdom…

Notable Campaigns

  • Socialist
  • Olympic Games / Stuxnet
  • Project Sauron / Strider
  • Triangulation

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Flame
  • CyberGate
  • Cyber Eye RAT
  • Regin
  • EquationLaser
  • EquationDrug
  • DoubleFantasy
  • TripleFantasy
  • Fanny
  • Grayfish
  • RemSec
  • Gauss
  • Apple iOS 0days

Attribution and Evidence

Country of Origin: United States

Additional attribution information pending cataloguing.

References

References pending cataloguing.