Israel hackers caught Russian cyber spies abusing Kaspersky AV to steal NSA secrets

Pierluigi Paganini October 11, 2017

Israeli hackers compromised the Kaspersky infrastructure and caught Russian spies using the AV tool to harvest NSA exploits. Kaspersky was not aware of the hack.

There is still a heated discussion about the alleged hack of Kaspersky’s antivirus and its use to steal an NSA exploit from a US subcontractor.

Explosive new revelations put US-Israeli cooperation at risk.

Israeli cyber spies looked on as Russian state-sponsored hackers breached Kaspersky software two years ago to gather data on US intelligence programs.

The Israeli agents discovered the Russian offensive after they too had hacked into the Kaspersky software. This revelation clarifies the position of the security firm, which was aware that its software had been hacked by intelligence agencies.

Last month, the US government decided to stop using the Russian firm’s software on its computers.

The Israelis reported the discovery to US intelligence; in response, the US Government banned the Russian firm's solutions from US Government agencies.

“It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.” reported The New York Times.

“The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.”

The Russian operation that allowed the theft of classified documents from an NSA employee who had stored them on his PC running Kaspersky's antivirus software was described by "multiple people who have been briefed on the matter".

The Russian hackers compromised Kaspersky's servers to harvest any code detected by the antivirus that matched known indicators of compromise for NSA exploits.

“The role of Israeli intelligence in uncovering [the Kaspersky] breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed,” the NYT reported.

The NSA, the White House and both Israeli and Russian embassies have not commented on the matter.

Kaspersky has published a statement claiming it is not involved in the Russian operation and confirming that it was itself a victim of the events.

“As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company,” the statement said.

“Kaspersky Lab reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”

At this time it is not clear what information was exfiltrated by the Russian hackers, and we will probably never know, but it seems that the Kremlin's cyber spies remained inside the corporate network for two years.

Eugene Kaspersky announced an internal investigation into the facts reported by the media.

Kaspersky hacked by Russian hackers

In 2015, Kaspersky detected a sophisticated cyber attack against its infrastructure; the hackers leveraged a sophisticated strain of malware tracked as Duqu.

Experts linked Duqu to the Tilded platform, the same factory behind Stuxnet, which is known to have been developed by Israel and the US.

Researchers with Kaspersky named the platform “Tilded” because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol “~” and the letter “d.”

The security firm was also infected by the Duqu 2.0 spyware, which was once again linked to the American-Israeli-developed Stuxnet malware.

In response to the recent revelation on the Kaspersky hack, Symantec CEO Greg Clark told Reuters that his company will no longer let governments inspect its source code.

Other concerns relate to the fact that HPE allowed Russians to review the code of the ArcSight software, which is also used by the Pentagon.

Pierluigi Paganini

(Security Affairs – cyber espionage, Russian cyber spies)
