
Snowden: NSA is spying on foreign antivirus companies

The Intercept has published another piece of information from the secret documents of former NSA employee Edward Snowden. The project for spying on various antivirus companies was called “CAMBERDADA” and was used to track their activities. The list of vendors is shown below in the screenshot (from the NSA presentation). It can be seen that the list lacks the American vendors Symantec and McAfee, as well as the British vendor Sophos.



One of the documents indicated that the American and British intelligence agencies were collecting emails that users sent to antivirus companies, warning them about the appearance of new malicious programs. It also indicates that the NSA unit called Tailored Access Operations (TAO), which is known as the “offensive security unit”, could “repurpose” the malware to perform other functions, for example, to bypass antivirus security functions.

Fig. Various methods of collecting information on the activities of AV companies (slides).


Fig. One of the intercepted e-mails that was addressed to the AV company.

The CAMBERDADA program is not new; we previously wrote about a malicious campaign in which the state-sponsored Duqu2 malware was used. Duqu2 was aimed at compromising a well-known antivirus company and was distributed using a zero-day exploit. In addition, the malware's drivers were signed with a digital certificate stolen from Foxconn.

Source: https://habr.com/ru/post/260903/

