Russian hackers used Kaspersky software to gain info on U.S. intel

Israel's discovery that Russian hackers had used Kaspersky Lab's antivirus software to search computers worldwide for information on U.S. intelligence programs prompted the U.S. government in September to ban the security company's software from all federal agencies. 

Russia's efforts were uncovered by Israel's intelligence officers, who hacked into Kaspersky's networks and spied on the Russian spies in real time, the New York Times reported.

While the extent of the information the hackers gleaned is not known, the Times cited sources as saying that they did successfully pilfer classified data from the home computer of a National Security Agency (NSA) worker outfitted with Kaspersky AV software.

Simon Gibson, fellow security architect, Gigamon, called the latest development "shocking because Kaspersky published hard work for the betterment of network defense." If proven true, "they'll probably go out of business," said Gibson, who added that he finds "it difficult to believe that a company would do so much work only to risk everything unless there was something held over them or they were somehow at great risk not working with FSB."

Reiterating that "Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical," the company said in a statement that it "was not involved in and does not possess any knowledge of the situation in question."

The company said that it is "confident" it had "identified and removed all of the infections that happened during" the Duqu2 "sophisticated cyberattack of which Kaspersky Lab was not the only target," despite "unverified assertions that this situation relates to Duqu2." The company noted that it had "publicly reported the attack, and ... offered its assistance to affected or interested organizations to help mitigate this threat."

Expressing concerns that Russian company Kaspersky Lab has connections to cyberespionage activities, the U.S. government banned the use of Kaspersky Lab security software, according to a binding order released by Department of Homeland Security (DHS) Acting Secretary Elaine Duke.

The order gave federal agencies three months to inventory and remove the software.

In its statement the company repeated that it was willing "to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would help the company in its own investigation to certifiably refute the false accusations."
