Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee’s laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware.
Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware.
According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer’s home computer contained a large number of malware files, which acted as a backdoor to the PC.
The report also provided more details about the malicious backdoor that infected the NSA worker’s computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.
Backdoor On NSA Worker’s PC May Have Helped Other Hackers Steal Classified Documents
This backdoor could have allowed other hackers to steal classified documents and hacking tools belonging to the NSA from the machine of the employee, who worked for the Tailored Access Operations (TAO) group of hackers at the agency.
For those unaware, the United States has banned Kaspersky antivirus software from all of its government computers over suspicion of Kaspersky’s involvement with the Russian intelligence agency and spying fears.
Though there’s no substantial evidence yet available, an article published by US news agency WSJ last month claimed that Kaspersky Antivirus helped Russian government hackers steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer’s home PC.
However, the article, which quoted multiple anonymous sources, failed to provide any solid evidence to prove whether Kaspersky was intentionally involved with the Russian spies or whether hackers simply exploited a zero-day bug in the antivirus product.
Kaspersky stands by its claims that its antivirus software detected and collected the NSA classified files as part of its normal functionality, and has rigorously denied allegations that it passed those documents on to the Russian government.
Now, the recent report published by the anti-virus firm says that between September 11, 2014, and November 17, 2014, Kaspersky Lab servers received confidential NSA materials multiple times from a poorly secured computer located in the United States.
To read the original article:
https://thehackernews.com/2017/11/kaspersky-nsa-malware.html