Israel Spotted Russian Spies Using Kaspersky AV to Hack US: Report

Kaspersky Lab has denied any knowledge of or involvement in an alleged Russian state campaign to steal US intelligence documents using its anti-virus software, which was spotted by Israeli spies.

Israeli intelligence hacked the Russian AV company in 2014, in what the firm subsequently dubbed the Duqu 2.0 attacks when it discovered the breach of its systems months later.

The Israelis allegedly installed multiple backdoors and info-stealing tools in a bid to gather intelligence on a UN-Iran nuclear deal from hotels and conference rooms used by the Security Council to discuss the deal.

What was unknown until now, however, is that Israeli intelligence discovered evidence that Kremlin hackers were also using Kaspersky Lab’s tools to scan for and steal information on top secret US government programs.

This operation apparently resulted in the theft of classified material from a contractor using Kaspersky Lab software at home, but not the hugely damaging leak of Equation Group tools to the Shadow Brokers hackers.

The Israelis passed this information on to their counterparts in the NSA, leading ultimately to the federal ban on Kaspersky Lab, according to the New York Times.

However, in a statement sent to Infosecurity, the Russian security firm claimed it “was not involved in and does not possess any knowledge of the situation in question.”

It added:

“As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company. Kaspersky Lab reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would help the company in its own investigation to certifiably refute the false accusations.

“With regards to unverified assertions that this situation relates to Duqu2, a sophisticated cyber-attack of which Kaspersky Lab was not the only target, we are confident that we have identified and removed all of the infections that happened during that incident. Furthermore, as the article itself notes, Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organizations to help mitigate this threat.”

The firm maintained that its software doesn’t contain any 'undeclared' capabilities such as backdoors and that it has never helped any government with its cyber-espionage efforts.
