Feb 17, 2015 · 1 minute

A new report claims the United States has found a way to infect computers targeted for surveillance with malware that is almost impossible to detect and even harder to remove.

Kaspersky Lab says in its report that a threat actor known as the Equation Group made this possible by infecting firmware used in hard drives made by the world's top manufacturers.

Firmware allows a computer's hardware and software to communicate. Without it, a device can't function, and many antivirus or information security tools can't scan it for malware.

Yet even if this malware is discovered, residing in the firmware allows it to reinstall itself even if the hard drive is wiped clean, making it nigh impossible to remove from a computer.

Some have warned that Kaspersky's report means "we must now assume" every computer in the world "has been compromised" by the Equation Group and for whomever it works.

The antivirus company didn't identify the Equation Group's base of operations, but outside reports show that the group is probably connected to the National Security Agency, mostly because of similarities between the Equation Group's malware and various NSA programs.

That would make sense. Kaspersky says in its report that the Equation Group "surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades." The NSA is renowned for its focus on offensive cyber tools.

The Wall Street Journal notes that Kaspersky's report is perhaps one of the biggest looks at how the United States uses malware and other technical tools to spy on other countries, making it required reading for security enthusiasts.

[illustration by Brad Jonas]