Equation Group

equation-group · primary source: Other · first observed 2000
US · United States · State-sponsored · Moderate confidence

Long-running intrusion set linked by Kaspersky (Feb 2015) to the U.S. NSA's Tailored Access Operations (TAO). Operators behind Stuxnet, Flame, Duqu, Regin, and a series of advanced implants (Fanny, GrayFish, EquationDrug). Tradecraft includes stolen code-signing certificates, multiple Windows zero-days, HDD firmware persistence, and air-gap-bridging via USB.

Aliases

EQGRP (Other), Tilded Team (Other)

Motivations

espionage, sabotage

Target sectors

government, telecoms, energy, research, nuclear

Target countries

IR, RU, PK, AF, IN, CN, SY

Diamond Model

Caltagirone / Pendergast / Betz 2013 — four-vertex attribution framework.

Adversary
  • Equation Group
  • United States
  • espionage
  • sabotage
Infrastructure
Victim
  • government
  • telecoms
  • energy
  • IR
  • RU
  • +1 more

MITRE ATT&CK techniques

Timeline

0 events
No timeline events recorded yet.

Indicators of compromise

0 indicators
No indicators of compromise have been cataloged for this actor yet.

Related actors

shared ATT&CK techniques
No other tracked actor shares ATT&CK techniques with this one.

References

cite this page

Threat Intel Tracker. (2026-05-19). Equation Group — actor profile. Retrieved from https://threatintel.local/actors/equation-group

no cited activity