WikiLeaks: CIA wrote code ‘to impersonate’ Russia’s Kaspersky Lab anti-virus company

CIA wrote code ‘to impersonate’ Russia’s Kaspersky Lab anti-virus company, WikiLeaks says:

WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab.

The CIA multi-platform hacking suite ‘Hive’ was able to impersonate existing entities to conceal suspicious traffic from the user being spied on, the source code of the malicious program indicates, WikiLeaks said on Thursday.

The extraction of information would therefore be misattributed to an impersonated company, and at least three examples in the code show that Hive is able to impersonate Russian cybersecurity company Kaspersky Lab, WikiLeaks stated.


Head Of Investigations At Russia’s Biggest Cybersecurity Firm Arrested For Treason

Head Of Investigations At Russia’s Biggest Cybersecurity Firm Arrested For Treason:

In what may be the latest fallout from the cold cyberwar taking place between the US and Russia, the head of the investigation unit, and one of the most important cybercrime experts at Kaspersky Lab, Russia’s biggest cybersecurity firm, has been arrested on charges of treason. Stoyanov was involved in every big anti-cybercrime operation in Russia in past years, including the one against the components of the Lurk cybercrime gang.

Kaspersky Lab confirmed to AP reports in Russia’s Kommersant newspaper that Ruslan Stoyanov, head of its computer incidents investigations unit, was arrested in December.


Flame Steals Data Even When Computers Are Not Connected To The Internet

Flame Steals Data Even When Computers Are Not Connected to the Internet (Occupy Corporatism, June 13, 2012):

Experts specializing in malware from Bitdefender have uncovered a special capability in Flame’s code that allows the virus to steal data from computers that are not connected to the internet or networked machines.

Flame can move stolen data to a USB memory stick plugged into an infected hard drive. Bitdefender assert that this ability has never been witnessed before. This cyberespionage virus will move stolen information to a USB outlet, then seemingly wait for the chance to upload it to the malware controllers once the infected computer links to the internet.


Kaspersky Lab: Flame And Stuxnet Virus Share Common Origin

Related info:

Flame Virus Developed By U.S. Government

Kaspersky At Cyber Security Conference: ‘It’s Not Cyber War, It’s Cyber Terrorism And I’m Afraid It’s Just The Beginning Of The Game … I’m Afraid It Will Be The End Of The World As We Know It’

Obama Ordered The Stuxnet Attack On Iran’s Nuclear Facilities – And Yes: This Is An Act Of War!

President Obama Ordered Stuxnet Attacks On Iran Nuclear Facilities

US And Israel Created Stuxnet, Lost Control Of It

Flame Super-Virus Threatening To Cripple Entire Nations Has ‘Hallmarks Of The NSA’


Diving Into Flame, Researchers Find A Link To Stuxnet (threatpost, June 11, 2012):

Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin.

Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran’s uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country.

According to the Kaspersky researchers, early versions of Stuxnet were, in fact, created out of components that were part of what they refer to as the “Flame platform”. But they believe development of the two malicious programs diverged after 2009, suggesting that two different development teams may have been working independently for a single entity to create malware with specific objectives, according to Kaspersky researchers, writing on the company’s blog, Securelist.
