A message promising the release of the Kaspersky source code appeared on Twitter a couple of days back; the leak of the Samsung code was announced on Telegram.
Most of these claims appear to be part of a pattern where big-name companies are claimed to have been breached and their source code leaked following the Samsung incident and also a leak from NVIDIA. There are also numerous claims about hacking attempts in support of either Russia or Ukraine, with different groups claimed to be taking different sides.
Less than 12 hours until Kaspersky code from their production, quality assurance, and staging servers is leaked. Plus a possible surprise or two that may cause the company a lot more stress than just the leak of some source code....#Ukraine @xxNB65 @NB65 #nb65 @kaspersky
— Ender Wiggin (@Nb65Lead) March 9, 2022
iTWire understands that some of the accounts making these claims may be operated by intelligence agencies which are aiming to keep their opponents off-balance.
We take security very seriously pic.twitter.com/ghFThKbULq
— Kaspersky (@kaspersky) March 10, 2022
One band of so-called hacktivists has falsely claimed to have compromised Signal's Russian servers, and an informed source said it was not clear whether the false claim was made for fun or to get Russians to switch to a less secure platform where messages could be intercepted more easily. Signal has a reputation as the best mobile messaging client as far as security is concerned.
Another company that was claimed to have been breached was Epic Games, with the Telegram post in question claiming that source code for the Unreal engine was among the dump. This has, like the Kaspersky claim, turned out to be unreal [pun intended].
The leak from the South Korean mobile giant was, however, confirmed by the company. Kaspersky issued a tweet saying its experts had checked the claims about source code leaks.
Update 8. 8 MAR. #cybertracker
Added new groups and modified groups activity. Looks like it may have settled a bit now.
Issues/tips please contact.#cybersecurity #threatintelligence #infosecurity #UkraineRussiaWar #CyberAttack #cyber https://t.co/gePekvKFOh pic.twitter.com/LfsswuBXX1
— CyberKnow (@Cyberknow20) March 8, 2022
"The result of the analysis confirms that the claims are unfounded," the company said. "The leak doesn't contain source code of the company's products. Instead [it] contains publicly available data from Kaspersky's servers."
Contacted for comment regarding this burst of online activity, ransomware researcher Brett Callow said: "Ransomware gangs, other cyber-crime operations, multiple hacktivist collectives and a state-sponsored volunteer IT Army all claim to be hacking either Russian or Ukrainian assets."
Callow, who works with Emsisoft, a company based in New Zealand, added: "While some of the claims are undoubtedly true, others are impossible to verify and lots are likely completely false. Those making false claims may be goofballs doing it for the lulz [laughs] or actually doing it strategically to keep the other side distracted and off-balance.
The most disappointing CTI news of the week still remains the Kaspersky leak that wasn't. I can't even imagine all the use cases of the advertised dataset...
— Jake Williams (@MalwareJake) March 11, 2022
"It really is impossible to say. And, of course, in addition to the cyber-crime operations and hacktivist collectives and IT Army, the intelligence services will be doing what intelligence services do. Suffice to say, the threat landscape is currently complicated and unpredictable. In fact, it's a cluster****."
Kaspersky added that the source code of its products, along with security and A-V updates, results of security audits and software bill of materials were all available for review at its transparency centres around the world.
These centres were set up after the US Government waged a campaign against Kaspersky which resulted in the company losing its business with the public sector.