Israeli intelligence officers were able to track in real time the actions of hackers backed by the Russian government as they attempted to steal information from American intelligence organizations through antivirus tools produced by Kaspersky Lab, the New York Times reported.

The Russian hacking efforts were first detected more than two years ago, at which point the U.S. government and its intelligence agencies were informed of the activity. Knowledge of Russia’s use of Kaspersky’s antivirus eventually led to the removal of the company’s software from government computers.

According to the report, Russian hackers were able to use tools built by Kaspersky, a Russia-based cybersecurity firm, to search machines that installed the company’s software for documents. The searches often targeted code names of American intelligence programs.

Somewhat ironically, the Russians’ use of Kaspersky software as a sort of search engine for sensitive documents was discovered when Israeli intelligence agents breached the company’s corporate systems to study how the antivirus software works and investigate potential ties to the Russian government.

Kaspersky Lab did not discover the presence of Israeli operatives until 2015. Upon identifying the intrusion, the company detailed its findings in a public report.

Kaspersky never fingered Israel as the culprit but said the attack bore a resemblance to an attack known as Duqu, which had been attributed to the same nation-state actors behind the Stuxnet attack that destroyed the uranium centrifuges in an Iranian nuclear facility. Stuxnet was a join operation between the U.S. and Israel. Kaspersky dubbed the attack against its systems Duqu 2.0.

Other targets of Duqu 2.0, according to Kaspersky’s research, included hotels and conference venues used for closed-door meetings of the United Nations Security Council during the negotiation of the Iran nuclear agreement. Israel was excluded from those conversations, and several of the targets of Duqu 2.0 were in the U.S., suggesting it was an operation carried out by just Israel.

While the Israelis may have used the attack to spy on America, it also relied its findings about Russia’s use of Kaspersky to U.S. officials. It is unclear how long Russia ran its hacking operation through Kaspersky.

What is clear is that the operation run by the Russians was successful. Last week, it was reported that Russian hackers were able to target and steal valuable information and documents from the U.S. National Security Agency by identifying the files through Kaspersky.

The highly classified documents, which contained details about how the U.S. launches cyber attacks against foreign computer networks and defends its own systems against attacks, were taken from a contractor working with the American intelligence agency. The information was stolen after the NSA contractor moved classified documents onto his home computer, which was running Kaspersky.

For its part, Kaspersky has denied any knowledge of the situation. In a statement in response to the report from the New York Times, the company said, “Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would help the company in its own investigation to certifiably refute the false accusations.”

In the statement, the security firm insisted that it “has never helped, nor will help, for any government in the world with its cyberespionage efforts,” and insisted “Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical.”

RELATED STORIES
Security Israel Russia Security