Kaspersky: NSA Worker's Computer Was Already Infected With Malware

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware.

Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware.

According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC.

The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.

Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classified Documents


This backdoor could have allowed other hackers to steal classified documents and hacking tools belonging to the NSA from the machine of the employee, who worked for the Tailored Access Operations (TAO) group of hackers at the agency.

For those unaware, the United States has banned Kaspersky antivirus software from all of its government computers over suspicion of Kaspersky's involvement with the Russian intelligence agency and spying fears.

Though there's no substantial evidence yet available, an article published by US news agency WSJ last month claimed that Kaspersky Antivirus helped Russian government hackers steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer's home PC.

However, the article, which quoted multiple anonymous sources, failed to provide any solid evidence to prove if Kaspersky was intentionally involved with the Russian spies or some hackers simply exploited some zero-day bug in the Antivirus product.

Kaspersky stands by its claims that its antivirus software detected and collected the NSA classified files as part of its normal functionality, and has rigorously denied allegations it passed those documents onto the Russian government.

Now, the recent report published by the anti-virus firm said that between September 11, 2014, and November 17, 2014, Kaspersky Lab servers received confidential NSA materials multiple times from a poorly secured computer located in the United States.

The company's antivirus software, which was installed on the employee's PC, discovered that the files contained malware used by Equation Group, a 14-year-old elite NSA hacking group that was exposed by Kaspersky in 2015.

Kaspersky Claims it Deleted All NSA Classified Files


Besides confidential material, the software also collected 121 separate malware samples (including a backdoor) which were not related to the Equation Group.

The report also insists that the company deleted all classified documents once one of its analysts realized that the antivirus had collected more than malicious binaries. Also, the company then created a special software tweak, preventing those files from being downloaded again.
"The reason we deleted those files and will delete similar ones in the future is two-fold; we do not need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials," Kaspersky Lab report reads.
"Assuming that the markings were real, such information cannot and will not [be] consumed even to produce detection signatures based on descriptions."

Trojan Discovered on NSA Worker's Computer


The backdoor discovered on the NSA staffer's PC was actually a Trojan, which was later identified as "Smoke Bot" or "Smoke Loader" and allegedly created by a Russian criminal hacker in 2011. It had also been advertised on Russian underground forums.

Interestingly, this Trojan communicated with the command and control servers apparently set up by a Chinese individual going by the name "Zhou Lou," using the email address "zhoulu823@gmail.com."

Since executing the malware would not have been possible with the Kaspersky antivirus enabled, the staffer must have disabled the antivirus software to do so.
"Given that system owner's potential clearance level, the user could have been a prime target of nation states," the Kaspersky report reads.
"Adding the user's apparent need for cracked versions of Windows and Office, poor security practices, and improper handling of what appeared to be classified materials, it is possible that the user could have leaked information to many hands."
More details on the backdoor can be found access to its antivirus source code and paying large bug bounties for security issues discovered in its products.