U.S. warned firms about Russia’s Kaspersky software day after invasion

According to a senior US official and two people familiar with the subject, the US administration began informally warning some American companies the day after Russia invaded Ukraine that Moscow could modify software produced by Russian cybersecurity company Kaspersky to wreak harm.

The confidential briefings are part of a larger campaign by Washington to prepare essential infrastructure providers such as water, telecommunications, and electricity for possible Russian breaches.

President Joe Biden stated last week that sanctions placed on Russia for its attack on Ukraine on February 24 could result in a reaction, including cyber disruptions, but the White House did not elaborate.

“The risk calculation has changed with the Ukraine conflict,” according to a senior U.S. official regarding Kaspersky’s software. “It has increased.”

President Joe Biden stated last week that sanctions placed on Russia for its attack on Ukraine on February 24 could result in a reaction, including cyber disruptions, however the White House did not elaborate.

Kaspersky, one of the most well-known anti-virus software companies, is based in Moscow and was created by Eugene Kaspersky, a former Russian intelligence operative, according to US officials.

In a statement, a Kaspersky spokeswoman claimed the briefings on alleged Kaspersky software hazards would be “further damaging” to the image of the business “without giving the company the opportunity to respond directly to such concerns,” and that it “is not appropriate or just.”

Russian law enforcement or intelligence services might force Kaspersky’s Russia-based workers to provide or assist in the establishment of remote access into their clients’ systems, according to the senior US official.

According to his company website, Eugene Kaspersky graduated from the Institute of Cryptography, Telecommunications, and Computer Science, which was originally supervised by the Soviet KGB. During his military service, Kaspersky worked as a “software engineer,” according to a company spokeswoman.

On its website, the Russian cybersecurity firm, which has a US headquarters, advertises relationships with Microsoft, Intel, and IBM. Microsoft did not respond to requests for comment. Requests for a response from Intel and IBM were not returned.

Kaspersky has included in the Federal Communications Commission’s list of communications equipment and service providers deemed dangerous to US national security on March 25.  It’s not the first time the US has suggested that Kaspersky may be influenced by the Kremlin.

In 2017 and 2018, the Trump administration spent months banning Kaspersky from government systems and urging several businesses not to use the software.

Similar cybersecurity briefings were held by US security agencies in the aftermath of Trump’s travel restriction. According to one of the people acquainted with the situation, the topic of those talks four years ago was akin to the present briefings. Kaspersky has constantly denied any misconduct or secret collaboration with Russian intelligence over the years.

It’s unclear whether the security briefings were prompted by a specific event or new intelligence. On classified material, the senior official declined to comment.

No US or allied intelligence agency has ever provided direct, public proof of a backdoor in Kaspersky software before now.

Following Trump’s decision, Kaspersky launched a series of transparency centres where partners can analyse its code for malicious activities, according to the company. After the US accusations, the goal, according to a business blog post at the time, was to rebuild customer trust.