Russian cybersecurity firm Kaspersky Lab has confirmed that it obtained source code for a National Security Agency (NSA) hacking tool.
The Lab stumbled upon the code in 2014 when the consumer version of its software, installed on a personal computer in the US, flagged a zip file as malicious. During a review of the file’s contents, a Lab analyst found source code that the company later learned belonged to the Equation Group, an advanced persistent threat tied to the NSA.
The Lab said the software was removed and destroyed.
Tension grows between the US and Russia
Kaspersky Lab downplayed the seriousness of the threat, but it is probably aware that certain parties in the US will try to use this incident to undermine the organization’s reputation. Many in the US are suspicious of Kaspersky Lab because it is based in Russia, and believe the company might be colluding with the Kremlin to spy on the US government.
Although there is little evidence to support that claim, the US government certainly believes it could be true. In September 2017, it decided to remove all Kaspersky Lab software from its computer systems, fearing that the Kremlin could “capitalize on access provided by Kaspersky products to compromise federal information.”
The Lab has repeatedly denied that it has ties to any government, and did so again after discovering the Equation Group. Nonetheless, the Wall Street Journal claimed that the code was given to the Russian government.
The Journal also claimed that the Lab’s programs searched for keywords such as “top secret”, which the Lab denied.
The NSA declined to comment on the Lab’s findings.