Kaspersky Lab Thursday released the results of an internal investigation as the Moscow-based security company aims to defend itself against allegations of ties to the Russian government.
In early October, a Wall Street Journal report alleged that Kaspersky Lab uploaded National Security Agency files from an employee’s computer in 2015 – but the company in its report said that it did not do so as a result of collusion with Russia, but instead as part of an investigation into malicious code on the machine.
According to Kaspersky Lab's report, its servers received confidential NSA materials from a computer – but the incident occurred in 2014, not 2015.
Kaspersky Lab also said that its download of the confidential files on the computer was not a result of collusion with Russia, but instead an investigation of malicious code on the computer from an NSA-linked hacking group called the Equation Group.
In September 2014, according to Kaspersky Lab, one of its security products deployed on a home computer reported variants of the malware used by the Equation Group. The user of the computer disabled Kaspersky Lab's anti-virus tool and downloaded pirated software infected with another form of malware, before re-activating the company's product, according to the company.
The file containing malware was sent back to Kaspersky Lab and CEO Eugene Kaspersky then ordered that the classified data be deleted from the computer, the company said in its report.
“The reason Kaspersky Lab deleted those files and will delete similar ones in the future is two-fold: First, it needs only malware binaries to improve protection and, secondly, it has concerns regarding the handling of potentially classified material,” the company said in the report.
Kaspersky Lab stressed that its investigation did not reveal similar incidents in 2015, 2016 or 2017.
“The software performed as expected and notified our analysts of alerts on signatures written to detect an Equation Group malware that was actively under investigation. In no way was the software used outside of this scope to either pull back additional files that did not fire on a malware signature or were not part of the archive that fired on these signatures,” the company said in the report.