Not long ago, Kaspersky, one of the most renowned security firms, was accused of involvement in the hacking theft of top-secret US intelligence materials. This cyber-espionage mystery has rocked the US intelligence community.
Today, the embattled computer security firm Kaspersky Lab made an official announcement saying that malware-infected Microsoft Office software was responsible for what happened.
They also revealed that there was a China link to the hack.
The Wall Street Journal first reported on October 5 that someone with alleged links to Russian intelligence had apparently stolen valuable National Security Agency programs from an NSA worker’s home computer. The Journal said the person had top-secret files and programs from the NSA hacking unit called the Equation Group on his computer. He was using Kaspersky software protection on that computer.
As a result, the US government has officially banned the Moscow-based company's anti-virus software from being used on government computers. The US believes that Russian spies used the Kaspersky program to steal those files. The theft has reportedly caused deep damage to the NSA’s own cyber-espionage operations.
The US accused Kaspersky of knowingly or unknowingly helping Russian intelligence in the theft. Kaspersky sold more than $600 million of anti-virus software globally in 2015. This accusation has effectively killed its US business and hurt its worldwide reputation.
Kaspersky carried out a forensic analysis and declared that the breach of the NSA worker’s computer occurred between September and November 2014, rather than in 2015 as the Journal had reported. According to the company, some essential source code for Equation Group malware and some classified documents were stolen. Based on the materials, the company said, the computer apparently belongs to someone who is involved in creating malware for the Equation Group. The company also claimed that the computer was infected by other malware, including a Russian-made “backdoor tool” hidden in Microsoft Office.
According to Kaspersky, the responsible malware was controlled from a computer server based in Hunan, China. They added that this malware is very much capable of opening a path into the computer for anyone targeting an NSA worker. Kaspersky added that their own software would have successfully detected and removed that malware unless it had been turned off.
The company was quoted as saying: “Given that system owner’s potential clearance level, the user could have been a prime target of nation-states. To install and run this malware, the user must have disabled Kaspersky Lab products on his machine.”