Kaspersky reveals ‘elegant’ malware resembling NSA code

LUHG_HANI , 7 months ago

Could have sworn Kaspersky was trying their hardest to not be Russian.

madsen , 7 months ago

It’s most likely resembling NSA code because it’s using EternalBlue which was leaked back in 2017 by ShadowBrokers. The title of the article is misleading/click-baity. (No offense to the OP, I know you just used the title from the article.)

Salamendacious OP , 7 months ago

👍

KnightontheSun , 7 months ago

Not really trusting the source here.

Salamendacious OP , 7 months ago

pcmag.com/…/powerful-malware-disguised-as-crypto-…

KnightontheSun , 7 months ago

Thank you, but I meant I don’t trust Kapersky themselves.

CyberDine , 7 months ago

Nor should you, if you’re American

Salamendacious OP , 7 months ago

I used to use Kaspersky but I stopped about 10 years ago or so. I get why people don’t trust having that software on their computers but personally I don’t distrust their public reports (which is different from trust obviously). Just because I feel like other more technically minded people are going to look into this and there will be a confirmation or a denial eventually.

I’ve read about code from Stuxnet being used in other worms so it didn’t surprise me that this is possible. I’m not a cyber security expert so it could all be nothing and I wouldn’t know the difference. This is some rather technical stuff.

KnightontheSun , 7 months ago

Anything is possible and it certainly seems more difficult to find truth these days, but I appreciate you posting.

Salamendacious OP , 7 months ago

👍

KingThrillgore , 7 months ago

I believe Kaspersky used to be very persona non grata in Russia, and then someone either from Gazprom or similar made a buyout and now, not so much.

jvisick , 7 months ago

Here’s the original report: securelist.com/…/110903/

It doesn’t specifically attribute this to the NSA, and it’s very hard to definitively say who created what malware anyways.

That being said, if you read through the report, the details on this really scream “state actor” most probably. The level of modularity, the infrastructure of the C2 server, and the detailed & flexible spying capabilities all point to some government agency more than anything else.