After Kaspersky revealed the so-called Equation Group’s HDD-snooping malware, the European Commission says it's “up to member states to take appropriate measures” to deal with cyber-badness on their patches.
With the spyware closely resembling Stuxnet, Kaspersky researchers have concluded that the US National Security Agency is behind it, but the European Commission (EC) would not be drawn on this.
According to Kaspersky, the campaign could have infected tens of thousands of Windows PCs in governments across the world. Their map of victims (pictured above) shows the spyware is active in more than 30 countries, including the UK.
An EC spokesman told El Reg that the EU’s executive arm is well aware of the “threats from cyber-attacks” and pointed out that it is working on a so-called Cybersecurity Directive.
“We have a cyber-attack action plan and tools in place to detect and repulse attempts to infiltrate our network and servers. We have also put on the table an ambitious Network and Information Security Directive, which can help counter such threats. We are confident that the European Parliament and member states will support it because European rules in this field can make our response more robust,” said the source. The negotiations over the NIS directive are ongoing.
Those negotiations will now have to take stock of what Kaspersky calls “the Death Star” of the malware universe. “This is an astonishing technical accomplishment and is testament to the group's abilities,” said Kaspersky in a statement.
The issue is also likely to be raised at the European Parliament’s discussion on the NSA’s electronic mass surveillance of EU citizens next Tuesday. The debate will be a follow-up to the Parliament resolution of last March and will be led by British Labour MEP Claude Moraes. ®