Kaspersky found NSA malware through proprietary security software scan on private PC
Kaspersky has released preliminary results of its own investigation, launched after media reports that an NSA employee had been hacked via the company's software. The company now states that it found NSA malware through a scan on a private PC.
Kaspersky writes that it conducted an extensive investigation of its telemetry logs after media reported that hackers had stolen NSA malware, via the security software, from the home computer of a subcontractor working for the US intelligence service. According to earlier reports this happened in 2015, but Kaspersky now says it is only aware of an incident in 2014. The investigation focused on that incident and revealed that Kaspersky had indeed detected NSA malware on a home computer in the US.
This happened to a user who participated in the Kaspersky Security Network, through which the company collects information from its users in order to, for example, detect new forms of malware. In addition, the user in question had enabled automatic submission of new samples. From the log files, Kaspersky determined that the user downloaded a keygen for Microsoft Office and ran it with the security software disabled.
It turned out that the keygen contained a backdoor, which the Kaspersky software detected and blocked once it was re-enabled. The user then ran several scans of his system, during which the software discovered new and previously unknown NSA malware. Among the findings was a 7-Zip archive that was sent in its entirety to Kaspersky for analysis. It contained various samples and source code of NSA malware. Following a report to Kaspersky's CEO, the malware was removed from all Kaspersky systems. After that, no further incidents are said to have occurred, and no intruder on Kaspersky's networks has been detected apart from the incident that was already known.
Kaspersky announced in 2015 that it had found a hacker group with possible ties to the NSA, also known as the Equation Group. The company also attributes the malware it detected in this incident to that group. The Russian security company's software is no longer used by the American government, for fear that the Russian government could use it to spy. Major American retail chains such as Best Buy have also stopped selling it. Kaspersky denies the allegations of aiding espionage.