Refuting allegations that its antivirus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware.
Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation, claiming the NSA worker who took classified documents home had a personal home computer infected with malware.
According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files, which acted as a backdoor to the PC.
The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.
Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classified Documents
This backdoor could have allowed other hackers to steal classified documents and hacking tools belonging to the NSA from the machine of the employee, who worked for the Tailored Access Operations (TAO) group of hackers at the agency.
For those unaware, the U.S. has banned Kaspersky antivirus software from all of its government computers over suspicion of Kaspersky's involvement with the Russian intelligence agency and fears of spying.
Though there is no substantial evidence yet available, an article published by US news outlet WSJ last month claimed that Kaspersky Antivirus helped Russian government hackers steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer's home PC.
However, the article, which quoted multiple anonymous sources, failed to provide any solid evidence to prove whether Kaspersky was intentionally involved with the Russian spies or whether some hackers simply exploited some zero-day bug in the antivirus product.
Kaspersky stands by its claims that its antivirus software detected and collected the NSA classified files as part of its normal functionality, and has strongly denied allegations that it passed those documents on to the Russian government.
The recent report published by the antivirus firm says that between September 11, 2014, and November 17, 2014, Kaspersky Lab servers received confidential NSA materials multiple times from a poorly secured computer located in the United States.
The company's antivirus software, which was installed on the employee's PC, discovered that the files contained malware used by Equation Group, the NSA's 14-year-old elite hacking group that was exposed by Kaspersky in 2015.
Kaspersky Claims it Deleted All NSA Classified Files
Besides confidential material, the software also collected 121 separate malware samples (including a backdoor) which were not related to the Equation Group.
The report also insists that the company deleted all classified documents once one of its analysts realized that the antivirus had collected more than malicious binaries. The company then created a special software tweak, preventing those files from being downloaded again.
"The reason we deleted those files and will delete similar ones in the future is two-fold; we do not need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials," the Kaspersky Lab report reads.
"Assuming that the markings were real, such information cannot and will not [be] consumed even to create detection signatures based on descriptions."
Trojan Discovered on NSA Worker's Computer
The backdoor discovered on the NSA staffer's PC was actually a Trojan, which was later identified as "Smoke Bot" or "Smoke Loader" and allegedly created by a Russian criminal hacker in 2011. It had also been advertised on Russian underground forums.
Interestingly, this Trojan communicated with command and control servers apparently set up by a Chinese individual going by the name "Zhou Lou," using the email address "zhoulu823@gmail.com."
Since executing the malware would not have been possible with the Kaspersky antivirus enabled, the staffer must have disabled the antivirus software to do so.
"Given that system owner's potential clearance level, the user could have been a prime target of nation states," the Kaspersky report reads.
"Adding the user's apparent need for cracked versions of Windows and Office, poor security practices, and improper handling of what appeared to be classified materials, it is possible that the user could have leaked information to many hands."
More details on the backdoor can be found in the Kaspersky report. Kaspersky has also offered access to its antivirus source code and is paying large bug bounties for security issues discovered in its products.