Hackers working for the Russian government stole NSA plans and documents on cyber defense off a contractor’s personal computer, according to a report from the Wall Street Journal.
The article quotes sources familiar with the matter, who say that a contractor removed “highly classified material” from the NSA’s network and put it on his home computer. Hackers working for the Russian government were then able to ID the files, thanks to the contractor’s use of Russian-made antivirus software from Kaspersky Labs.
The incident occurred in 2015, according to the WSJ, but was not discovered until last year. The document stolen included details of “how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S.”
Those stolen secrets are bad enough, but the attack would also appear to show that Russian hackers have been using commercial software to conduct wide-reaching surveillance in order to ID hacking targets. Kaspersky, a Russian company, is one of the largest vendors of consumer antivirus software in the world, with over 400 million users.
In a statement, Kaspersky Lab told the WSJ it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”
The WSJ report doesn’t explain how the attack was attributed to the Russian government, nor how Kaspersky was linked to the hack. Attributing blame for hacking operations is difficult at best, and the lack of public scrutiny of this hack (compared to public attacks like WannaCry) means that attribution to the Russian government is far from certain.