Kaspersky Withdraws from US Market

July 16, 2024

Cybersecurity software developer Kaspersky Labs has announced the closure of its US operation following sanctions imposed by the US government against the Russian company. The sanctions, which came into effect in September, prohibit sales and downloads of Kaspersky products in the country, with a complete ban on new business transactions set to take place later this month.

The decision to shut down its US operations will affect around 50 staff members employed by Kaspersky in the country. The company expressed disappointment in the Department of Commerce's ruling, stating that the decision seemed to be influenced more by geopolitical tensions than by a thorough evaluation of the integrity of Kaspersky's products and services.

Despite the sanctions, Kaspersky emphasized that it does not engage in activities that pose a threat to US national security. The company highlighted its contributions to cybersecurity, including its efforts in reporting and protecting against various threat actors targeting US interests and allies.

Kaspersky has been a key player in providing security solutions for vulnerabilities in the Internet of Things (IoT), customizing services for embedded systems, and enhancing security for vehicles. However, the company has faced restrictions in Europe since 2017, predating the recent sanctions linked to the conflict in Ukraine.

Interestingly, Kaspersky's Global Research and Analysis Team (GReAT) recently uncovered an Advanced Persistent Threat (APT) group known as CloudSorcerer, which has been targeting Russian government entities. Despite similarities to a previously discovered threat group, CloudSorcerer stands out due to its unique codebase and functionality.

CloudSorcerer utilizes public cloud infrastructure, including services like Microsoft Graph, Yandex Cloud, and Dropbox, as its primary command and control servers. The malware interacts with these servers through APIs, using authentication tokens obtained from seemingly legitimate sources like GitHub.

The APT group employs a sophisticated multi-stage attack strategy, adapting its functionality based on the processes it infects. By leveraging cloud storage locations and APIs, CloudSorcerer gathers system information and exfiltrates data to designated cloud services, all while employing complex obfuscation and encryption techniques to evade detection.

Sergey Lozhkin, principal cybersecurity researcher at Kaspersky's GReAT, emphasized the significance of recognizing and mitigating such stealth tactics in cybersecurity strategies, particularly in governmental and corporate settings. The deployment of CloudSorcerer underscores the evolving landscape of cyber threats and the need for proactive measures to counter espionage activities conducted through public cloud services.
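A defender can hunt for the pattern described above (a process fetching something from GitHub and then calling a cloud-service API) in per-process network telemetry. The following is an added example, not code from Kaspersky or from the original article; the hostnames, the allowlist of expected clients, the 10-minute window and the sample events are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumption: public API hostnames for the services named in the article.
CLOUD_API_HOSTS = {
    "graph.microsoft.com": "Microsoft Graph",
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "cloud-api.yandex.net": "Yandex Cloud",
}
TOKEN_SOURCE_HOSTS = {"github.com", "raw.githubusercontent.com"}
# Assumption: processes expected to call these APIs in this environment.
EXPECTED_CLIENTS = {"outlook.exe", "teams.exe", "dropbox.exe", "msedge.exe"}

# Constructed sample events: timestamp, endpoint, process image, destination host.
SAMPLE_EVENTS = """\
2024-07-10T09:00:01 ws-014 msedge.exe github.com
2024-07-10T09:00:05 ws-014 outlook.exe graph.microsoft.com
2024-07-10T09:02:11 ws-022 notepad.exe github.com
2024-07-10T09:02:13 ws-022 notepad.exe graph.microsoft.com
2024-07-10T09:02:40 ws-022 notepad.exe api.dropboxapi.com
2024-07-10T11:30:00 ws-031 svc-helper.exe github.com
2024-07-10T14:45:00 ws-031 svc-helper.exe cloud-api.yandex.net
"""

def parse(text):
    """Yield (timestamp, endpoint, process, destination) per log line."""
    for line in text.splitlines():
        ts, endpoint, proc, dest = line.split()
        yield datetime.fromisoformat(ts), endpoint, proc.lower(), dest.lower()

def find_suspects(text, window=timedelta(minutes=10)):
    """Return sorted (endpoint, process, service) tuples where a process outside
    the allowlist contacted GitHub and then a cloud API within `window`."""
    last_github = {}  # (endpoint, process) -> time of latest GitHub contact
    hits = set()
    for ts, endpoint, proc, dest in sorted(parse(text)):
        if proc in EXPECTED_CLIENTS:
            continue
        key = (endpoint, proc)
        if dest in TOKEN_SOURCE_HOSTS:
            last_github[key] = ts
        elif dest in CLOUD_API_HOSTS and key in last_github:
            if ts - last_github[key] <= window:
                hits.add((endpoint, proc, CLOUD_API_HOSTS[dest]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_EVENTS):
        print(hit)
```

The allowlist and window need tuning per environment, since developer tools and sync clients legitimately contact both GitHub and cloud APIs.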
