Content deleted Content added
Remove trade awards that lack notability and coverage by secondary sources. |
→Malware discovery: added new data on detected malware |
||
| (6 intermediate revisions by 5 users not shown) | |||
Line 20:
| products = [[Cybersecurity software]]
| services = [[Computer security]]
| revenue = {{increase}}[[
| operating_income =
| num_employees = 4,000+ (2020)<ref>{{cite web|url=https://www.kaspersky.com/about/company|title=About Us|publisher=Kaspersky Lab|access-date=August 26, 2020}}</ref>
Line 26:
| footnotes =
}}
'''Kaspersky Lab''' ({{IPAc-en|k|æ|ˈ|s|p|ɜːr|s|k|i}}; {{
Kaspersky expanded abroad from 2005 to 2010 and grew to $704 million in annual revenues by 2020,<ref>{{Cite web|date=April 19, 2021|title=Kaspersky reports financial results with stable business growth in 2020|url=https://www.kaspersky.co.in/about/press-releases/2021_kaspersky-reports-financial-results-with-stable-business-growth-in-2020|access-date=April 25, 2021|publisher=Kaspersky Lab|language=en}}</ref> up 8% from 2016, though annual revenues were down 8% in [[North America]] due to US government security concerns.<ref name="Roy19012018">{{cite news |last1=Stubbs |first1=Jack |title=Kaspersky Lab 2017 revenue up 8 percent, North America sales fall |url=https://www.reuters.com/article/us-russia-kaspersky-lab-results/kaspersky-lab-2017-revenue-up-8-percent-north-america-sales-fall-idUSKBN1F818F |access-date=September 5, 2018 |publisher=Reuters |date=January 19, 2018}}</ref> {{As of|2016|post=,}} the software has about 400 million users and has the largest market-share of cybersecurity software vendors in [[Europe]]. Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue.<ref>The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2010. The rating was published in the IDC report Worldwide IT Security Products 2011–2015 Forecast and 2010 Vendor Shares – December 2011. The report ranked software vendors according to earnings from sales of endpoint security solutions in 2010.</ref> It was the first Russian company to be included into the rating of the world's leading software companies, called the Software Top 100 (79th on the list, as of June 29, 2012). Kaspersky Lab is ranked 4th in [[Endpoint security|Endpoint Security]] segment according to [[IDC (consulting group)|IDC]] data for 2010.<ref>Worldwide Endpoint Security Revenue by Vendor, 2010</ref>
The Kaspersky Global Research and Analysis Team (GReAT) has led the discovery of sophisticated espionage platforms conducted by nations, such as [[Equation Group]] and the [[Stuxnet]] worm.<ref>{{Cite web|title=About Management Team |publisher=Kaspersky Lab|url=https://www.kaspersky.com/about/team|access-date=November 13, 2021}}</ref> {{Clarify|text=Various covert government-sponsored
The US government has alleged that Kaspersky has engaged with the Russian [[Federal Security Service]] (FSB)—ties which the company has actively denied.<ref>{{Cite news |last=Shaheen |first=Jeanne |date=2017-09-04 |title=The Russian Company That Is a Danger to Our Security |url=https://www.nytimes.com/2017/09/04/opinion/kapersky-russia-cybersecurity.html |url-status=live |archive-url=https://web.archive.org/web/20170908095741/https://www.nytimes.com/2017/09/04/opinion/kapersky-russia-cybersecurity.html |archive-date=2017-09-08 |accessdate=2017-09-09 |work=The New York Times |issn=0362-4331}}</ref><ref>{{cite news |title=Kaspersky under scrutiny after Bloomberg story claims close links to FSB |url=https://arstechnica.com/information-technology/2017/07/kaspersky-denies-inappropriate-ties-with-russian-govt-after-bloomberg-story/ |url-status=live |archive-url=https://web.archive.org/web/20170909052550/https://arstechnica.com/information-technology/2017/07/kaspersky-denies-inappropriate-ties-with-russian-govt-after-bloomberg-story/ |archive-date=2017-09-09 |accessdate=2017-09-09 |work=Ars Technica}}</ref><ref>{{Cite news |last=Solon |first=Olivia |date=2017-09-13 |title=US government bans agencies from using Kaspersky software over spying fears |url=https://www.theguardian.com/technology/2017/sep/13/us-government-bans-kaspersky-lab-russian-spying |url-status=live |archive-url=https://web.archive.org/web/20180115151529/https://www.theguardian.com/technology/2017/sep/13/us-government-bans-kaspersky-lab-russian-spying |archive-date=2018-01-15 |accessdate=2017-12-18 |work=The Guardian |issn=0261-3077}}</ref> In 2017, it was alleged that hackers working for the Russian government stole confidential data from the home computer of a US [[National Security Agency]] contractor via Kaspersky antivirus software. In response to [[Kaspersky bans and allegations of Russian government ties|these and other allegations]], Kaspersky began to solicit independent reviews and verification of its [[source code]], and relocated core infrastructure and customer data from Russia to [[Switzerland]]. Multiple countries have banned or restricted their [[government agencies]] from using Kaspersky products, including Lithuania,<ref>{{Cite news |date=21 December 2017 |title=Lithuania bans Kaspersky Lab software on sensitive computers |url=https://www.reuters.com/article/us-lithuania-russia-idUSKBN1EF23M |url-status=live |archive-url=https://web.archive.org/web/20220320003017/https://www.reuters.com/article/us-lithuania-russia-idUSKBN1EF23M |archive-date=2022-03-20 |access-date=2022-03-20 |newspaper=Reuters |via=www.reuters.com}}</ref> the Netherlands,<ref>{{Cite news |date=14 May 2018 |title=Dutch government to phase out use of Kaspersky anti-virus software |url=https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV |url-status=live |archive-url=https://web.archive.org/web/20220320003011/https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV |archive-date=2022-03-20 |access-date=2022-03-20 |newspaper=Reuters |via=www.reuters.com}}</ref> and the United States.<ref name=":0">{{Cite news |last1=Nakashima |first1=Ellen |last2=Gillum |first2=Jack |date=2017-09-13 |title=U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage |url=https://www.washingtonpost.com/world/national-security/us-to-ban-use-of-kaspersky-software-in-federal-agencies-amid-concerns-of-russian-espionage/2017/09/13/36b717d0-989e-11e7-82e4-f1076f6d6152_story.html |url-status=live |archive-url=https://web.archive.org/web/20170913173741/https://www.washingtonpost.com/world/national-security/us-to-ban-use-of-kaspersky-software-in-federal-agencies-amid-concerns-of-russian-espionage/2017/09/13/36b717d0-989e-11e7-82e4-f1076f6d6152_story.html |archive-date=2017-09-13 |accessdate=2017-09-13 |newspaper=Washington Post |issn=0190-8286}}</ref> On 20 June 2024, the US announced that it would prohibit Kaspersky from selling or distributing updates to its software to US customers which caused the cybersecurity company to leave the US market the following month.<ref name="auto">{{cite web|url=https://www.bbc.com/news/articles/cyr7ex16p32o|title=Kaspersky Labs: Russian antivirus firm leaving the US after ban|website=[[BBC]]|date=16 July 2024}}</ref><ref name="auto1">{{cite web|url=https://www.pcgamer.com/gaming-industry/russian-antivirus-giant-kaspersky-leaves-the-us-after-two-decades-slams-the-theoretical-concerns-that-led-to-it-being-banned/|title=Russian antivirus giant Kaspersky leaves the US after two decades, slams the 'theoretical concerns' that led to it being banned|website=[[PCGamer]]|date=16 July 2024}}</ref>
Line 94 ⟶ 95:
Later in 2013, Kaspersky earned the product of the year award from AV-Comparatives and the highest score among Enterprise solutions in a Dennis Technology Labs report.<ref name="Kaspersky Named Antivirus Tsar"/><ref>{{cite web|last1=Mesmmer|first1=Ellen|title=Enterprise anti-virus software test puts Kaspersky software out front, Microsoft at bottom|url=https://www.networkworld.com/article/676536/compliance-enterprise-anti-virus-software-test-puts-kaspersky-software-out-front-microsoft-at-bott.html|website=Network World|date=July 12, 2013|access-date=August 18, 2015}}</ref>
Kaspersky has also received certification of its products through the OESIS OK Certification Program, which verifies that the applications are interoperable with third-party technology solutions like [[Network
==Malware discovery==
Line 122 ⟶ 123:
===Equation Group===
{{main|Equation Group}}
In 2015, Kaspersky identified a highly sophisticated threat actor that it called "The Equation Group". The group incorporated sophisticated spying software into the firmware of hard drives at banks, government agencies, nuclear researchers and military facilities, in countries that are frequent targets of US intelligence efforts.<ref>{{cite news|title=Kaspersky links US to spread of PC spyware across 30 countries|newspaper=Financial Times|date=March 25, 2015|url=http://www.ft.com/cms/s/0/4d4a8f9c-b668-11e4-95dc-00144feab7de.html#axzz46qMUFcNY|access-date=April 25, 2016}}</ref> It is suspected to have been developed by the National Security Agency (NSA) and included many unique technical achievements to better avoid detection.<ref name="Goodin 2015">{{cite web|last=Goodin|first=Dan|title=How 'omnipotent' hackers tied to NSA hid for 14 years—and were found at last|website=Ars Technica|date=February 16, 2015|url=https://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/|access-date=April 25, 2016}}</ref> That same day, Kaspersky announced the discovery of a hacker group it called [[Carbanak]], which was targeting banks and moving millions of dollars into fake accounts. Carbanak was discovered when one bank asked Kaspersky to investigate suspicious behavior from its ATMs.<ref name="Button 2015">{{cite news|title=The Kaspersky equation|newspaper=The Economist|date=February 21, 2015|url=https://www.economist.com/news/business/21644154-russian-antivirus-firm-impresses-sceptics-again-kaspersky-equation|access-date=April 24, 2016}}</ref> A similar malware using some of the same techniques as Carbanak was discovered in 2016 and dubbed Carbanak 2.0.<ref>{{cite news|title=Kaspersky confirms return of Carbanak and two more banking APT groups|newspaper=SC Magazine|date=February 9, 2016|url=http://www.scmagazine.com/news/kaspersky-confirms-return-of-carbanak-and-two-more-banking-apt-groups/article/472224/|access-date=April 25, 2016|first=Rio|last=Perez}}</ref>
===Duqu===
Line 141 ⟶ 142:
{{main|Titanium (malware)}}
In 2019, Kaspersky uncovered Titanium, a very advanced and insidious [[Backdoor (computing)|backdoor]] [[malware]] [[Advanced persistent threat|APT]], developed by [[PLATINUM (cybercrime group)|PLATINUM]], a [[cybercrime]] collective. Kaspersky Lab reported the malware on November 8, 2019.<ref name="KAS-20191108">{{cite news |author1=AMR (Anti-Malware Research) |author2=GReAT (Global Research & Analysis Team) |title=Titanium: the Platinum group strikes again |url=https://securelist.com/titanium-the-platinum-group-strikes-again/94961/ |date=November 8, 2019 |work=Kaspersky Lab |access-date=November 9, 2019 }}</ref><ref name="GSM-20191108">{{cite news |author=<!--Staff--> |title=Kaspersky identifies new Titanium backdoor used for attacks by notorious Platinum group in APAC region |url=http://www.globalsecuritymag.com/Kaspersky-identifies-new-Titanium,20191108,92551.html |date=November 2019 |work=Global Security Mag |access-date=November 9, 2019 }}</ref><ref name="AT-20191108">{{cite news |last=Goodin |first=Dan |title=One of the world's most advanced hacking groups debuts new Titanium backdoor |url=https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/ |date=November 8, 2019 |work=[[Ars Technica]] |access-date=November 9, 2019 }}</ref><ref name="ZDN-20191108">{{cite news |last=Osborne |first=Charlie |title=Platinum APT's new Titanium backdoor mimics popular PC software to stay hidden |url=https://www.zdnet.com/article/platinum-apts-new-titanium-backdoor-mimics-popular-pc-software-to-stay-hidden/ |date=November 8, 2019 |work=[[ZDNet]] |access-date=November 9, 2019 }}</ref><ref name="MV-20191108">{{cite news |last=Ewell |first=Pauline |title=Platinum APT Shines Up New Titanium Backdoor |url=http://mashviral.com/platinum-apt-shines-up-new-titanium-backdoor/ |date=November 8, 2019 |work=MashViral |access-date=November 9, 2019 |archive-date=November 9, 2019 |archive-url=https://web.archive.org/web/20191109155017/http://mashviral.com/platinum-apt-shines-up-new-titanium-backdoor/ |url-status=dead }}</ref><ref name="MRB-20191109">{{cite news |author=<!--Staff--> |title='Platinum' Hacking Group Strikes Once more With Complicated Titanium Backdoor To Home windows |url=https://marketresearchbase.com/2019/11/09/platinum-hacking-group-strikes-once-more-with-complicated-titanium-backdoor-to-home-windows/ |date=November 9, 2019 |work=Market Research Base |access-date=November 9, 2019 |archive-date=November 9, 2019 |archive-url=https://web.archive.org/web/20191109181802/https://marketresearchbase.com/2019/11/09/platinum-hacking-group-strikes-once-more-with-complicated-titanium-backdoor-to-home-windows/ |url-status=dead }}</ref>
===MATA Toolset Campaign===
In 2020, Kaspersky published research on the MATA Toolset Campaign, a sophisticated cyber-espionage framework targeting multiple operating systems, including [[Windows]], [[macOS]], and [[Linux]]. The [[malware]], attributed to the [[Lazarus Group]], was used for stealing databases, distributing [[ransomware]], and installing [[Backdoor (computing)|backdoors]] on infected systems. MATA's capabilities allowed attackers to execute a wide range of malicious activities, including exfiltrating sensitive data from corporate networks and compromising financial systems. The campaign highlighted the increasing cross-platform threat posed by state-sponsored actors. In September 2022 and October 2023, new malware samples linked to the MATA cluster were uncovered.<ref>{{Cite web|lang=en|url=https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/|title=MATA: Multi-platform targeted malware framework
|website=Securelist|access-date=2024-11-12|archive-date=2024-04-16|archive-url=https://web.archive.org/web/20240416182717/https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/|url-status=live}}</ref><ref>{{Cite web|lang=en|url=https://industrialcyber.co/industrial-cyber-attacks/kaspersky-data-reveals-updated-mata-attacks-targeting-industrial-companies-in-eastern-europe/|title=Kaspersky data reveals updated MATA attacks targeting industrial companies in Eastern Europe
|website=Industrial Cyber|access-date=2024-12-11|archive-date=2024-08-15|archive-url=https://web.archive.org/web/20240815174621/https://industrialcyber.co/industrial-cyber-attacks/kaspersky-data-reveals-updated-mata-attacks-targeting-industrial-companies-in-eastern-europe/|url-status=live}}</ref><ref>{{Cite web|lang=en|url=https://www.bleepingcomputer.com/news/security/mata-malware-framework-exploits-edr-in-attacks-on-defense-firms/|title=MATA malware framework exploits EDR in attacks on defense firms
|website=Bleepingcomputer|access-date=2024-12-11|archive-date=2024-07-20|archive-url=https://web.archive.org/web/20240720111025/https://www.bleepingcomputer.com/news/security/mata-malware-framework-exploits-edr-in-attacks-on-defense-firms/|url-status=live}}</ref>
===PyPI Supply Chain Attack===
In 2024, Kaspersky uncovered a year-long [[supply chain attack]] targeting the [[Python Package Index]] (PyPI), a popular repository for [[Python (programming language)|Python]] developers. Attackers uploaded malicious packages containing JarkaStealer, a malware designed to exfiltrate sensitive information from infected systems. These packages were disguised as legitimate tools and lured victims through social engineering tactics, including [[AI]] ([[OpenAI]]'s [[ChatGPT]]) [[chatbot]]s offering assistance. The campaign demonstrated the vulnerability of [[Open-source software|open-source]] ecosystems and emphasized the importance of scrutinizing dependencies in software development.<ref>{{Cite web|lang=en|url=https://www.scworld.com/news/fake-chatgpt-claude-pypi-packages-spread-jarkastealer-malware|title=Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware
|website=ScMedia|access-date=2024-12-11|archive-date=2024-11-23|archive-url=https://web.archive.org/web/20241123050303/https://www.scworld.com/news/fake-chatgpt-claude-pypi-packages-spread-jarkastealer-malware|url-status=live}}</ref><ref>{{Cite web|lang=en|url=https://cybersecuritynews.com/malicious-pypi-package-mimic-chatgpt-claude/|title=Malicious PyPi Package Mimic ChatGPT & Claude Steals Developers Data
|website=Cyber Security News|access-date=2024-12-11|url-status=live}}</ref>
===NKAbuse Malware===
In 2023, Kaspersky exposed NKAbuse, a sophisticated multiplatform malware written in the Go programming language. This malware leveraged [[blockchain]] technology for its [[peer-to-peer]] communication infrastructure, making it resilient to takedowns. NKAbuse functioned as a flooder and a backdoor, enabling attackers to launch distributed [[Denial-of-service attack|denial-of-service]] (DDoS) attacks and gain persistent access to compromised systems. The campaign illustrated the evolving use of blockchain in [[cybercrime]] and reinforced the need for enhanced detection methods.<ref>{{Cite web|lang=en|url=https://securelist.com/unveiling-nkabuse/111512/|title=Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
|website=Securelist|access-date=2024-12-11|archive-date=2024-07-23|archive-url=https://web.archive.org/web/20240723144442/https://securelist.com/unveiling-nkabuse/111512/|url-status=live}}</ref><ref>{{Cite web|lang=en|url=https://www.darkreading.com/cloud-security/nkabuse-malware-blockchain-hide-linux-iot|title=Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines|website=Darkreading|access-date=2024-12-11|archive-date=2024-06-20|archive-url=https://web.archive.org/web/20240620164031/https://www.darkreading.com/cloud-security/nkabuse-malware-blockchain-hide-linux-iot|url-status=live}}</ref>
===Triangulation===
{{main|Operation Triangulation}}
In 2023, Kaspersky uncovered Triangulation, a sophisticated spyware campaign targeting [[iOS]] mobile devices. The malware exploited multiple [[Zero-day vulnerability|zero-day vulnerabilities]] to gain full control of targeted devices. Triangulation was primarily distributed through malicious attachments in instant messaging apps. Once installed, it allowed attackers to access encrypted communications, [[Global_Positioning_System|GPS]] locations, and sensitive data. Kaspersky attributed the campaign to an [[advanced persistent threat]] (APT) group but refrained from naming a specific actor, though evidence suggested ties to state-sponsored espionage.<ref>{{Cite web|lang=en|url=https://www.computerweekly.com/news/366556873/Kaspersky-opens-up-over-spyware-campaign-targeting-its-staffers|title=Kaspersky opens up over spyware campaign targeting its staffers|website=ComputerWeekly|access-date=2024-12-11|archive-date=2024-06-21|archive-url=https://web.archive.org/web/20240621122440/https://www.computerweekly.com/news/366556873/Kaspersky-opens-up-over-spyware-campaign-targeting-its-staffers|url-status=live}}</ref><ref>{{Cite web|lang=en|url=https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/|title=Operation Triangulation: The last (hardware) mystery
|website=Securelist|access-date=2024-12-11|archive-date=2024-12-09|archive-url=https://web.archive.org/web/20241209012330/https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/|url-status=live}}</ref>
===CloudSorcerer/EastWind===
CloudSorcerer APT and its EastWind campaign were identified by Kaspersky in 2024.The malware leveraged public cloud infrastructure to perform large-scale data exfiltration and surveillance. The attackers used sophisticated [[phishing]] campaigns to infiltrate government and private sector organizations, especially targeting research institutions and critical infrastructure. CloudSorcerer employed novel encryption techniques to disguise data flows, complicating detection. Kaspersky linked the malware to a state-affiliated group but did not specify which country was behind the attack.<ref>{{Cite web|lang=en|url=https://www.darkreading.com/cyberattacks-data-breaches/eastwind-cyber-spy-campaign-chinese-apt-tools|title='EastWind' Cyber-Spy Campaign Combines Various Chinese APT Tools|website=Darkreading|access-date=2024-12-11|archive-date=2024-08-22|archive-url=https://web.archive.org/web/20240822172705/https://www.darkreading.com/cyberattacks-data-breaches/eastwind-cyber-spy-campaign-chinese-apt-tools|url-status=live}}</ref><ref>{{Cite web|lang=en|url=https://www.ccn.com/news/technology/china-hackers-breach-russian-agencies-malware-kaspersky/|title=China-Linked Hackers Breach Russian Agencies With Sophisticated Malware, Kaspersky Reveals Widespread Espionage Campaign
|website=CCN|access-date=2024-12-11|archive-date=2024-08-15|archive-url=https://web.archive.org/web/20240815133541/https://www.ccn.com/news/technology/china-hackers-breach-russian-agencies-malware-kaspersky/|url-status=live}}</ref>
===DuneQuixote===
In 2024, Kaspersky exposed DuneQuixote, a stealthy malware campaign targeting intellectual property in the technology and energy sectors. The malware used custom-built [[Exploit (computer security)|exploits]] and employed [[Fileless malware|fileless]] techniques, operating entirely in memory to evade detection by traditional security tools. DuneQuixote's attack vector included compromised software updates and supply chain vulnerabilities. Kaspersky attributed the operation to a well-funded APT group with global reach, though the precise origin remained unclear. The discovery highlighted the growing complexity of threats targeting high-value intellectual assets.<ref>{{Cite web|lang=en|url=https://urgentcomm.com/cybersecurity/-dunequixote-shows-stealth-cyberattack-methods-are-evolving-can-defenders-keep-up-|title=‘DuneQuixote’ shows stealth cyberattack methods are evolving. Can defenders keep up?|website=Urgent Communications|access-date=2024-12-11|url-status=live}}</ref>
==Bans and allegations of Russian government ties==
| |||