A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
The Biden administration cracked down this week on Russia-based Kaspersky, issuing new restrictions on its U.S. operations that the Kremlin deemed unfair and the cybersecurity company labeled unnecessary.
The Department of Commerce blacklisted Kaspersky on Thursday and said the government will effectively block the cyber firm from selling software and providing updates for existing services to U.S. users because of national security concerns.
“The Biden-Harris administration is committed to a whole-of-government approach to protect our national security and out-innovate our adversaries,” Commerce Secretary Gina Raimondo said in a statement. “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people.”
In response to the U.S. move, Kremlin spokesman Dmitry Peskov said Kaspersky’s competitive performance on the international stage played a role in the American government’s actions.
“A signature technique, a signature move of unfair, indecent competition from the side of the United States,” Mr. Peskov said, according to Russia’s state-run Tass News Agency. “They resort to such techniques every time.”
The Commerce Department said its crackdown on Kaspersky was required because the cyber firm’s operations are forced to answer to the Russian government’s requests. The firm also has access to Americans’ information that could be transferred to Russian officials and can install malware on U.S. systems that use its software, U.S. officials said.
Kaspersky complained that the U.S. government’s actions were unnecessary and said it intended to pursue “all legally available options” in response.
“Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services,” the company said on X. “Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies.”
The firm said it proposed a system in which its products could be verified as safe by an external third party, but the U.S. was not interested in such a step.
The U.S. cybersecurity community has long looked at Kaspersky with skepticism but tensions have reached a near-fever pitch since Russia invaded Ukraine in February 2022.
Last year, Russia’s government blamed the U.S. intelligence community for hacking Apple iPhones. Russia’s Federal Security Service, FSB, said in June it knew of a spying operation aimed at Russia affecting thousands of phones.
The same month, Kaspersky said it found malicious software present on its management’s iPhones but the firm did not believe it was the hackers’ ultimate target.
Kaspersky employees spent months working to reverse engineer the hack and claimed they discovered a vulnerability in Apple’s work that existed since the 1990s, raising questions about whether the purported hackers had help from Apple.
Apple told Reuters it did not work with the government to install backdoors in any of its products. The American Big Tech company separately acknowledged some of Kaspersky’s findings last year and said it addressed the issues.
Whether the FSB tasked Kaspersky with conducting cyber threat intelligence work while investigating the suspected hacks of Russian officials is not fully known.
The U.S. Office of the Director of National Intelligence’s public threat assessment on Kaspersky from September 2023 said the FSB can legally direct Kaspersky to perform searches on end-user systems. The assessment said Kaspersky contracts with the Russian government and works in furtherance of Moscow’s offensive and defensive security interests.
Kaspersky said the Commerce Department’s prohibitions will not stop the firm from selling and promoting its “cyber threat intelligence offerings and/or trainings in the U.S.”
Americans who continue to use Kaspersky products will not face legal penalties under the Biden administration’s new actions, according to the Commerce Department.
The department said it would allow Kaspersky to continue certain operations, including anti-virus updates, until September 29, 2024.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.