Malware that infects HDD firmware appears, and it turns out there is no way to escape it



Kaspersky, a major security software vendor, announced that it has found malware (spyware) of a type that infects the basic software (firmware) of HDDs made by major manufacturers. Because of the way the system works, it is extremely difficult to remove this malware with security software.

Equation_group_questions_and_answers.0.pdf
(PDF file) https://cdn1.vox-cdn.com/uploads/chorus_asset/file/3415904/Equation_group_questions_and_answers.0.pdf

Russian researchers expose breakthrough U.S. spying program | Reuters
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

Kaspersky Lab revealed that it has found new malware that infects HDD firmware and gathers information. Infections were found on PCs in 30 countries, including Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The malware was created by a large-scale hacker organization called the Equation group, and the infected targets include government agencies, military agencies, telecommunications companies, financial institutions, nuclear power researchers, media organizations, Islamist activists and others.


Since HDD firmware is a basic program that runs before an OS such as Windows starts, it is theoretically difficult to delete the malware with security software once it has infected the firmware. Naturally, formatting (initializing) the HDD does not solve the problem, and there is even the possibility that encryption controlled by the OS will be broken through.

According to Kaspersky, this malware has been found on storage sold by major manufacturers such as Western Digital, Seagate, Toshiba, IBM, Micron and Samsung. In response to Reuters' inquiries, Western Digital, Seagate and Micron said that they have no information on this malware, and Toshiba and Samsung declined to answer. IBM apparently did not respond.


According to Kaspersky's Costin Raiu, it is impossible to rewrite HDD firmware using only publicly available information. Also, although Kaspersky avoided naming the United States specifically, it suggests, based on similarities with the "Stuxnet" spyware developed by the NSA to attack Iran's uranium enrichment facility, that the NSA is behind the Equation group.

in Software, Hardware. Posted by darkhorse_log