March 31 – The US government secretly began warning other American companies the day after Russia attacked Ukraine that Moscow could use software developed by Russian cyber security company Kaspersky to cause damage, according to a senior US official and two people familiar with the matter. matter.
However Kaspersky has condemned the step and called it an unnecessary attempt to defame Russian computer security company in America amid war in order to seek total economic blockage of Russia.
These separate summaries are part of Washington’s comprehensive strategy to prepare key infrastructure providers such as water, telecommunications and energy to accommodate potential Russian citizens.
President Joe Biden said last week the sanctions imposed on Russia for its invasion of Ukraine in Feb. 24 could cause a backlash, including a cyber crash, but the White House did not provide details.
“Risk figures have changed with the Ukrainian conflict,” a senior U.S. official said about Kaspersky’s software. “It’s widespread.”
Kaspersky, one of the makers of anti-virus software in the cybersecurity industry, is headquartered in Moscow and founded by Russian intelligence chief Eugene Kaspersky.
A Kaspersky spokesman said in a statement that the risks associated with the Kaspersky software “would seriously damage” Kaspersky’s reputation “without giving the company the opportunity to respond directly to concerns” and that “it is wrong or wrong.”
A senior U.S. official said Russian Kaspersky employees could be forced to provide or help obtain remote access to their clients’ computers by Russian law enforcement or spies.
Kaspersky, headquartered in the United States, lists partnerships with Microsoft, Intel and IBM on its website. Microsoft declined to comment. Intel and IBM did not respond to comment requests.
On March 25, the Federal Communications Commission added Kaspersky to its list of communications equipment and service providers who saw it as a threat to US national security. Learn more
This is not the first time Washington has claimed that Kaspersky could be influenced by the Kremlin.
Trump officials have spent months blocking Kaspersky from government programs and warning many companies not to use the software in 2017 and 2018.
U.S. security agencies have made a series of similar cybersecurity statements surrounding the Trump ban. The content of those meetings over the past four years has been compared to new forums, says one person familiar with the matter.
Over the years, Kaspersky has repeatedly denied any wrongdoing or secrecy in Russia.
It is not yet clear whether a particular incident or a new piece of intelligence has led to a security forum. The chief executive declined to comment on confidential information.
To date no American or joint intelligence agency has provided direct, public backdoor evidence on Kaspersky software.
Following Trump’s decision, Kaspersky opened a series of publicity stereotypes, in which he said colleagues could review their code to check for malicious activity. The company’s blog at the time explained the goal was to build customer trust in the wake of U.S. allegations.
But a U.S. official said the media was “not even a fig leaf” because it did not address US government concerns.
“Moscow software developers in Moscow are conducting [software] updates, which is where the risk comes in,” they said. “They can send malicious orders through updates and from Russia.”
Cybersecurity experts say that because of the way anti-virus software often works on computers where it is installed, it requires a deep level of control to detect malicious software. This makes anti-virus software a naturally beneficial channel for spyware.
In addition, Kaspersky products are sometimes sold under white label sales contracts. This means that the software can be packaged and renamed to marketing deals with information technology contractors, making it difficult to determine their origin quickly.
Although it did not name Kaspersky by name, the British cybersecurity center on Tuesday said organizations providing Ukrainian-related services or critical infrastructure should consider the risks associated with using Russian computer technology in their supply chains.
“We have no evidence that the Russian government intends to export Russian products and services to cause harm to the UK’s interests, but the lack of evidence is not evidence of a lack,” the National Cyber Security Center said in a blog post.