Most interesting of all is NLS_933W.DLL, which -- in my view -- represents the "Holy Grail" of malware.
The names called out like beacons from the screen: Samsung; Seagate; Western Digital; Hitachi; Maxtor. Hardware makers were in the crosshairs of the Equation APT group and it was perhaps the worst possible scenario imagined by researchers looking at the frightening and extensive storehouse of capabilities within the attack platform.
The only way to remove nls_933w.dll #TheSAS2015 #EquationAPT pic.twitter.com/zfVE1kKyha
— Fabio Assolini (@assolini) February 16, 2015
By extending its reach into hard drive firmware, for example, this espionage gang had perpetual persistence on compromised machines. No amount of clean-up efforts could scrub module nls_933w.dll from hardware. None.
“This is an ultimate persistence mechanism, and it has the ultimate resilience to removal. This is a next level of persistence never seen before,” said Vitaly Kamluk, principal security researcher with Kaspersky Lab’s Global Research and Analysis Team...
Matthew Braga offers some additional detail: