Equation Group Tools
Should go without saying to run these only in the most secure sandbox you can find?
Absolutely. Though IIRC this leak is 6 years old and has already been reasonably well-studied by a lot of very smart people. I don't think any of these were technically even "zero-days", and I'd expect windows/linux to be patched against them now.
Even at the time these wouldn't have been as severe as "only run on an air-gapped computer and burn the computer afterwards". That type of technology wouldn't be part of a leak like this, but given the number of undocumented opcodes in various silicon (processors, BMCs, TPMs, etc.) I wouldn't be surprised if it did exist.
A large number of the leaked files are still poorly documented, particularly the *nix stuff.
The Eternal stuff for windows kind of captured everyone’s attention, but a LOT of the older Unix tools were ignored for the most part.
There are a lot of neat tricks to be learned by reversing them, even today.
Since these things seem to target individual applications, is this an argument that security through obscurity, i.e. writing your own (shitty) servers and such, has a security benefit?
Which APT is this?
Equation Group was discovered & named in 2015 by Kaspersky due to their pervasive use of encryption. Kaspersky identified them as actors related to the people who produced Stuxnet and Flame (which also implicates Regin).
They are G0020 in the MITRE ATT&CK framework.
NSA, part of the US government [0]