Kaspersky Says Pirated Microsoft Software, Not Its Antivirus, Enabled NSA Hack
http://news.softpedia.com/news/kaspersky...8596.shtml
Investigation reveals system stored infected Office docs
Nov 17, 2017 06:57 GMT · By Bogdan Popa
Kaspersky Labs has published the results of its investigation following claims that its antivirus software was used in an attack aimed at an NSA employee and which led to several classified documents being stolen from the targeted computer.

Original reports coming from US-based media indicated that Kaspersky’s antivirus was running on the NSA worker’s home computer, allowing what were believed to be Russian spies to access the machine and steal documents belonging to NSA’s hacking unit called the Equation Group.

Attack took place in 2014, not 2015
In its report, Kaspersky explains that an internal forensic analysis revealed that an attack aimed at the NSA employee’s computer was indeed successful, but it did not take place in 2015, as the original media outlets indicated, but between September and November 2014.

Furthermore, Kaspersky says, the successful cyberattack led to the source code for Equation Group malware being stolen, with the security vendor adding that this could be an indication the computer itself was being used by someone who was part of this particular NSA unit.

But when it comes to software that facilitated the hack, Kaspersky says it wasn’t its antivirus that allowed cybercriminals to breach the system, but pirated Microsoft software.

NSA worker tried to use pirated Office
It appears the user downloaded and installed a pirated copy of Microsoft Office 2013 and used a key generator to bypass the activation process. Kaspersky Antivirus, which was indeed installed on the system, was disabled manually by the user in order to activate the pirated copy of Microsoft Office, as illegal key generators are typically blocked by security software.

“The illegal activation tool contained within the Office ISO was infected with malware. The user was infected with this malware for an unspecified period while the Kaspersky Lab product was inactive. The malware consisted of a full-blown backdoor which could have allowed other third-parties to access the user’s machine,” Kaspersky says.

The security firm says its antivirus detected the malware when it was re-enabled, adding that the Backdoor.Win32.Mokes.hvl system infection was used to call out to a known command and control server. The detection took place on October 4, 2014, the firm says.

Kaspersky says some of NSA’s files ended up on its servers after the antivirus system detected a 7Zip archive infected with the malware. As per the antivirus policy, infected files were uploaded to Kaspersky for further analysis. When discovering the classified docs, Kaspersky decided to delete the files, it says, but the “archive was not shared with any third parties.”

Kaspersky is currently banned on computers used by the US government on claims that it helped Russian spies launch attacks against American targets.