Russian spies extracted NSA exploits from an NSA contractor's home PC using Kaspersky Lab software.
According to anonymous sources, malicious code let the hackers steal classified code, documentation and other sensitive data. Experts suggest that the Kremlin-linked attackers used the security package to identify the sensitive files and pilfer them.
“Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter,” the Wall Street Journal reads.
“The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab.”
Although the security breach happened in 2015, it was discovered only later. According to the specialists, the stolen NSA exploit code and classified documents could be compared with the code included in the Shadow Brokers dump, which dates back to 2013.
Kaspersky AV found the NSA exploit while scanning the machine. After detecting the malicious software, the antivirus uploaded it to a cloud service for inspection. At this stage, Russian intelligence exploited the software to establish a backdoor into the computer.
It is still not certain whether Kaspersky somehow helped the Russian hackers, or whether the hackers exploited flaws in Kaspersky software to steal the documents.
Another possibility is that, under Russian law, the Russian government compelled the Kaspersky team to hack into the PC containing the NSA code and steal it.
Kaspersky Lab immediately issued a statement denying any involvement:
“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company.”
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”
“We make no apologies for being aggressive in the battle against malware and cybercriminals. The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests. It’s also important to note that Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.”
After the US government banned Kaspersky products from federal computers in September, Kaspersky repeatedly offered to make the source code of its products available for officials to review.
“It’s a lot harder to beat your opponent when they’re reading your playbook, and it’s even worse when someone on your team gives it to them. If these reports are true, Russia has pulled that off,” U.S. Senator Ben Sasse stated.
“The men and women of the US Intelligence Community are patriots; but, the NSA needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can’t afford these self-inflicted injuries.”
Kaspersky AV may have detected NSA malware in use in the wild and, intentionally or not, provided the Russian hackers with a backdoor through which to exfiltrate the code.