The authorities fear the Kremlin could use Kaspersky to obtain sensitive data from US government devices.
The Biden administration ramped up a national security probe into Russia’s AO Kaspersky Lab antivirus software earlier this year amid heightened fears of Russian cyberattacks after Moscow invaded Ukraine, three people familiar with the matter told Reuters.
The case was referred to the Commerce Department by the Department of Justice last year, a fourth person said, but Commerce made little progress on it until the White House and other administration officials urged them to move forward in March, the three people added.
At issue is the risk that the Kremlin could use the antivirus software, which has privileged access to a computer’s systems, to steal sensitive information from American computers or tamper with them as tensions escalate between Moscow and the West.
Access to the networks of federal contractors and operators of critical US infrastructure such as power grids are seen as particularly concerning, the three people said.
US regulators have already banned federal government use of Kaspersky software, and could ultimately force the company to take measures to reduce risks posed by its products or prohibit Americans from using them altogether.
The probe, which has not previously been reported, shows the administration is digging deep into its tool kit to hit Moscow with even its most obscure authorities in a bid to protect US citizens and corporations from Russian cyber attacks.
The authorities are “really the only tool that we have to deal with the threat (posed by Kaspersky) on an economy-wide commercial basis, given our generally open market,” said Emily Kilcrease, a former deputy assistant US Trade Representative.
Other regulatory powers stop short of allowing the government to block private sector use of software made by the Moscow-headquartered company, long seen by US officials as a serious threat to US national security.
The departments of Commerce and Justice, and Kaspersky declined to comment. The company has for years denied wrongdoing or any secret partnership with Russian intelligence.
The ramped-up probe is being executed using broad new powers created by the Trump administration that allow the Commerce Department to ban or restrict transactions between US firms and internet, telecom and tech companies from “foreign adversary” nations including Russia and China.
For Kaspersky, Commerce could use the authorities to ban its use, the purchase of its software by US citizens, or prohibit the download of updates via a regulation in the Federal Register.
The tools are largely untested. Former President Donald Trump used them to try to bar Americans from using Chinese social media platforms TikTok and WeChat, but federal courts halted the moves.
A top Justice Department official said last year that the agency was examining dozens of Russian companies, including “a known connection between a particular company and the Russian intelligence services,” to see whether they threatened the US supply chain. The department could refer some of the cases to Commerce for further action, then-Assistant Attorney General John Demers said at the time.
Reuters could not learn whether the companies under review included Kaspersky, which made an estimated $95.3 million in US revenue in 2020 according to market research firm Gartner Inc, accounting for nearly 15% of its global revenue that year.
It was not clear whether that figure included Kaspersky products sold by third parties under different branding, a practice which generates confusion about software’s origin, according to US national security officials.
In 2017, the Department of Homeland Security banned Kaspersky’s flagship antivirus product from federal networks, alleging ties to Russian intelligence and noting a Russian law that lets its intelligence agencies compel assistance from Kaspersky and intercept communications transiting Russian networks.
The perceived threat has taken on greater urgency since Russia’s invasion of Ukraine on Feb. 24, which Moscow describes as a “special military operation.”
In March, German authorities warned the Kremlin might coerce the Moscow-based company to participate in cyberattacks, or Russian government agents could clandestinely use its technology to launch cyberattacks without its knowledge. Italy later followed with a similar recommendation.
Kaspersky said in a statement then that it was a privately-managed company with no ties to the Russian government, and described the German warning as politically motivated.
Recently, Cybernews has learned that Kaspersky Lab is protecting the resources of the Russian Ministry of Defense and other high-value domains that are instrumental to the Russian propaganda machine.
Reuters has reported that the US government began privately warning some American companies the day after Russia invaded Ukraine that Moscow could manipulate software designed by Kaspersky to cause harm.
The White House asked the Treasury Department to prepare sanctions against the company, the Wall Street Journal reported last month, adding that some officials pushed back out of concern it could increase the risk of Russian cyberattacks.
More from Cybernews:
Subscribe to our newsletter