Equation
Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.1
Low signal strength
Mentions1
Sources0
High conf.0
Last seenMay 2026
First observed
2017-05-31
Last active
—
Origin
United States — widely suspected NSA/TAO affiliation, no formal confirmation
Aliases
1
Techniques
4
Campaigns
0
United States — widely suspected NSA/TAO affiliation, no formal confirmationdisputed confidence
Attribution signals
1 mention · 0 sources#1unspecified
MalwareTTP match
antiy
May 2026