A report released Monday by Russian software company Kaspersky Lab finds that more than 500 computers in 30 countries have been infected by a new form of malware.
Security researchers say it is the first time hackers have used a method of reverse engineering to hack into the “firmware” of computers’ hard drives, the code that operates beneath the surface of a device. Because of the hack’s scope, sophistication, targeted nature and similarities to the Stuxnet attack on Iranian centrifuges, security researchers suspect it is the work of a state actor such as the National Security Agency.
The hack targeted hard drives made by more than a dozen companies, essentially the entire hard drive market.
Stephen Cobb, senior security researcher at ESET North America, says that hacking firmware can be particularly effective because it is so hard to eliminate.
It’s also particularly challenging to do, says Jean Taggart, security researcher at Malwarebytes. “Doing this on just one brand of hard drive would be an almost Herculean task,” he says. “You have to understand the hardware as well–if not more–than the original manufacturer.”
Vincent Liu, a former NSA analyst and partner at security consultancy Bishop Fox, says the hard-drive makers will now have to pay not only to secure their systems, but to demonstrate that security to foreign customers.