Our principles of fighting cyberthreats
Cyberthreats have become a global problem that has spread far beyond any geographical borders. As an IT security company, Kaspersky is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose.
One of Kaspersky’s most important assets in fighting cybercrime is the Global Research & Analysis Team (GReAT), comprising top security researchers from all over the world – Europe, Russia, the Americas, Asia, and the Middle East.
We have a clear policy concerning the detection of malware: we detect and remediate any malware attack. There is no such thing as "right" or "wrong" malware for us. Our research team has been actively involved in the discovery and disclosure of several malware attacks with links to governments and state organizations. Over the past few years we have published in-depth research into Sofacy (aka Fancy Bear, APT28), CozyDuke, Equation, Lamberts, Turla, Flame, Gauss, The Mask/Careto, Regin, Equation, Duqu 2.0, Lazarus – some of the biggest state-sponsored operations known to date. To chronicle the groundbreaking malicious cyber campaigns that have been investigated by GReAT, Kaspersky has launched a Targeted Cyberattack Logbook.
It does not matter which language the threat “speaks”: Russian, Chinese, Spanish, German, or English. The following list of threats, as reported by GReAT, shows the different languages used in each case:
- Russian language: Moonlight Maze, RedOctober, CloudAtlas, Miniduke, CosmicDuke, Epic Turla, Penquin Turla, Turla, Black Energy, Agent.BTZ, Teamspy, Sofacy (aka Fancy Bear, APT28), CozyDuke
- English language: Regin, Equation, Duqu 2.0, Lamberts, ProjectSauron
- Chinese language: IceFog, SabPub, Nettraveler, Spring Dragon, Blue Termite
- Spanish language: Careto/Mask, El Machete
- Korean language: Darkhotel, Kimsuky, Lazarus
- French language: Animal Farm
- Arabic language: Desert Falcons, Stonedrill and Shamoon
However, the use of these different languages doesn’t permit attribution to any specific country. Language traces cannot be considered reliable evidence because they can be fabricated and deliberately planted in malware code as red herrings for investigators. For this reason, we don’t attribute threats to individual countries.
Have you ever been asked by any government not to detect a threat?
No, we haven’t. There is no such thing as "right" or "wrong" malware for us. We have a clear policy concerning the detection of malware: we detect and remediate any malware attack no matter where it comes from.