MOSCOW (Sputnik) — Kaspersky Lab said it had conducted a review of its telemetry logs in relation to the reported incident and brought up a similar case from 2014 when its antivirus stumbled upon what appeared to be a malware source code file used by Equation Group, a hacking operation suspected of having NSA ties.
What actually happened in 2014/215 — our investigative analysis here: https://t.co/Ye7nnpaLhr #InfoSec pic.twitter.com/mARPbccZED
— Kaspersky Lab (@kaspersky) 25 октября 2017 г.
"The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware," the firm said in a statement.
According to Kaspersky Lab, the user involved turned off the antivirus program, installed pirated software, got infected and, when the antivirus was turned back on, it detected and automatically sent the file with the new, unknown samples of malware for analysis.
The finding was reported to CEO Eugene Kaspersky, who ordered to delete the archive "from all our systems." The archive had never been shared with any third party and no similar upload had been made from the user’s computer, the company stressed.
The Moscow-based company announced Equation Group's discovery in February 2015, saying it had been active since at least 2001, with more than 60 actors. It said personal computers in 30 countries were found to have been infected with one or more spying programs.
Invitation for Kaspersky to Testify
The US House of Representatives committee on technology may invite Kasperksy Lab's chief executive to testify at a hearing on the software firm’s alleged spying, Darin LaHood, the chair of the oversight subcommittee has said.
"We are open to that in the future… We have to wait and see on what else he [Eugene Kaspersky] says. We've just touched the surface," LaHood told RIA Novosti after Wednesday’s hearing, at which the company's representatives were not present.
"I think there is a lot of distrust in Mr. Kaspersky and his whole organization. At least I'm speaking for myself. There is a lot of distrust and I don't think people [are] putting a lot of faith in what he has said to this committee and our investigators," LaHood confessed.
The Kaspersky CEO told Sputnik in early October he was ready to appear in Congress to answer the questions directly.
The Wall Street Journal reported in early October that in 2015 Russian hackers had stolen classified data from a NSA contractor's personal computer using Kaspersky software. In September, the US Homeland Security Department ordered state agencies to remove Kaspersky products, citing security risks. The firm has denied working for any government.