Kaspersky says it detected infections with DarkPulsar, alleged NSA malware

Kaspersky Lab said that it has detected computers infected with DarkPulsar, a malware implant allegedly developed by the US National Security Agency (NSA). “All victims were located in Russia, Iran, and Egypt, and typically Windows 2003/2008 Server was infected,” the company said. “Targets were related to nuclear energy, telecommunications, IT, aerospace, and R&D.”

Kaspersky researchers were able to analyze DarkPulsar because it was one of the many hacking tools that were dumped online in the spring of 2017. The hacking tools were leaked by a group of hackers known as the Shadow Brokers, who claimed they stole them from the Equation Group, a codename given by the cyber-security industry to a group that’s universally believed to be the NSA.

Read more about the recent detections of DarkPulsar malware on ZDNet.
