The Chinese cybersecurity firm Pangu Lab published this Wednesday (23) an analysis of Bvp47, a malware that, even though it was first discovered in 2013, has only been fully studied now, in 2022. According to the researchers, the threat is related to the Equation Group, operators of advanced persistent threats linked to the US National Security Agency (NSA).

According to the Pangu Lab study, the Bvp47 sample they examined was obtained in 2013. At the time they did analyze the threat, but found that it was a backdoor (undocumented but exploitable vulnerability) for Linux that required a specific cryptographic key to run, and the researchers did not have that key.

The map of countries that suffered from Linux malware attacks. (Image: Playback/Pangu Lab)

Without the key, the analysis stalled until it turned up in the data leaks carried out by the criminal group Shadow Brokers between 2016 and 2017, which contained tools and zero-day exploits used by the NSA’s cyber-attack team, the Equation Group.


Pangu Lab claims that the backdoor created by Bvp47 has been used against 287 organizations in 45 different countries over the last 10 years. Among the sectors affected are the economic, telecommunications and military sectors.

Connections with the USA

The threat analysis performed by the Kaspersky system. (Image: Reproduction/Kaspersky)

Pangu Lab also shared the sample with Kaspersky, which used its threat attribution tool, the Kaspersky Threat Attribution Engine (KTAE), to identify potential similarities between Bvp47 and other known threats.

As a result of this analysis, the tool reported that 24 of the 483 pieces analyzed matched samples of other malware linked to the Equation Group, the most recent of which was recorded on January 24, 2022.

With that in mind, and knowing how Bvp47 works, the way it creates the backdoor on Linux systems, and how the threat communicates with its servers, the researchers at Pangu Lab claim that it can only be the creation of someone with many resources at their disposal.

But after spending 10 years largely undetected, Bvp47 has finally been registered by more security solutions following the publication of the Pangu Lab research, which goes some way toward ensuring future protection against this threat.

Source: BleepingComputer