Earlier, the United States accused security software Kaspersky of helping the Russian espionage department steal secrets, and eventually, the US government department was banned from purchasing Kaspersky software.
The contractor employee took the US National Security Agency’s confidential information in violation of the rules and then downloaded the office software activation tool that carried the virus from the Internet.
Since Kaspersky Security Software was installed on this employee’s computer, it was immediately blocked by Kaspersky Alarm when the virus-carrying activation tool was downloaded.
At the same time, Kaspersky’s built-in cloud analysis tool uploads confidential data and activation tools to cloud-only analysis, which eventually leads to the discovery of classified information in the United States.
Kaspersky destroyed the information immediately after the discovery of confidential US information, but even so, the United States still believes that Kaspersky secretly steals information.
The US police arrested the contractor’s employee for severe breaches of confidentiality agreements and work practices. The employee had been sentenced to five and a half years in prison by the court.
Kaspersky’s report restored the event map at the time, mainly because NSA employees used spyware to infect spyware.
At first, the employee copied the confidential information to the computer on the home computer through the USB flash drive, but the Microsoft Office series was not installed on the computer.
The employee then searched and downloaded the image file containing the backdoor from the Internet, and released the KMS software containing the backdoor in the system.
When Kaspersky detects an anomaly, it begins to intercept the backdoor to connect to the remote server, but the user now chooses to disable Kaspersky to activate Office.
This behavior should be widespread for the use of pirated software because the crack tool needs to disable anti-virus software to prevent it from being used after being killed.
Kaspersky also did get confidential documents:
After the employee is successfully activated and resumes Kaspersky’s operation, the cloud security scanning software automatically uploads suspicious files to the Kaspersky server.
Kaspersky deleted the file from the server and deleted the downloaded file and its copy, etc. after discovering that some data belong to the confidential data.
This is also the primary evidence that the US National Security Agency accuses Kaspersky of stealing data. The security bureau requires the US government to disable Kaspersky.