Kaspersky forced to deny source code leak

Antivirus (AV) software supplier Kaspersky has been forced to deny it has been the subject of a cyber attack by Ukrainian hacktivists after claims to this effect appeared on social media on the evening of Thursday 10 March.

The company spoke out after a group of hacktivists known as Network Battalion 65, or NB65 – which may have links to the Anonymous collective – claimed to have leaked Kasperksy’s product source code. In its statement, the group said it would continue its campaign until Russia ceased hostilities against Ukraine (see below).

NB65 is known to have actively participated in previous cyber attacks against Russian state targets in the past two weeks, although the success of these has been disputed by Russian authorities.

BREAKING

Kaspersky leak.@xxNB65 @vxunderground #cybersecurity #infosec @kaspersky pic.twitter.com/ea7ajoerXq

– Dominic Alvieri (@AlvieriD) March 10, 2022

In a statement circulated on Twitter, a Kaspersky spokesperson said the organisation takes security “very seriously”.

“Kaspersky experts have checked recently published information, which allegedly contained the source code of Kaspersky products,” the spokesperson said. “The result of the analysis confirms that claims are unfounded – the leak doesn’t contain the source code of the company’s products. Instead, the dump analysed contains publicly available data from Kaspersky servers.

“The source code of Kaspersky’s products, along with security and AV database updates, software bill of materials, are all available for review in Transparency Centers opened around the world as as part of the Kaspersky Global Transparency Initiative.”

In the fortnight since Russia began its war on Ukraine, Kaspersky has attempted to remain neutral, although its founder, Eugene Kaspersky, was pilloried last week after referring to the illegal war, in which Russia has attacked civilian targets including hospitals, as the “current situation”.

Kaspersky was founded in 1997 in Moscow by Eugene and Natalya Kaspersky and Alexey De-Monderik, although the first version of its software actually dates back to Soviet times. Even though – like many AV companies – its products have at times been accused of being little more than scareware, over the past 25 years, it has become arguably the best-known Russian software company in the world. At the same time, it operates its own well-regarded research and analysis teams and has become a prominent source of threat intelligence and a vocal contributor to the cyber community.

Although it has not attracted the same opprobrium as companies such as Huawei, since the deterioration of western relations with Russia under Vladimir Putin’s dictatorship, it has increasingly been the subject of government attention and restrictions in the west.

In 2017, the US authorities took action against Kaspersky, claiming collusion with the Russian intelligence services, while at the same time the UK’s own National Cyber Security Centre (NCSC) voiced similar concerns over the possibility that Kaspersky could transfer UK data to the Russian government, either willingly or under duress.

Kaspersky has responded to these allegations in part by doubling down on its aforementioned transparency initiatives, opening dedicated facilities that allow the likes of state agencies, national cyber authorities, enterprises and Kaspersky customers to pore over its code, updates, threat detection rules and other technical and business processes. These centres are located variously in Kuala Lumpur, Madrid, São Paolo and Zurich.

As of the end of 2020, it had also removed the data storage and processing activities relating to its core APAC, European and North American markets beyond the purview of the Russian government, relocating them to Switzerland.