Principles of fighting cyberthreats

Cyberthreats have become a global problem that has spread far beyond any geographical borders. As an IT security company, Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose.

One of Kaspersky Lab’s most important assets in fighting cybercrime is the Global Research & Analysis Team (GReAT), comprising top security researchers from all over the world – Europe, Russia, the Americas, Asia, and the Middle East.

Kaspersky Lab has a clear policy concerning the detection of malware: we detect and remediate any malware attack. There is no such thing as "right" or "wrong" malware for us. Kaspersky Lab’s research team has been actively involved in the discovery and disclosure of several malware attacks with links to governments and state organizations. Over the past few years Kaspersky Lab has published in-depth research into Sofacy (a.k.a. Fancy Bear, APT28), CozyDuke, Equation, Lamberts, Turla, Flame, Gauss, The Mask/Careto, Regin, Duqu 2.0, Lazarus – some of the biggest state-sponsored operations known to date. To chronicle the groundbreaking malicious cyber campaigns that have been investigated by GReAT, Kaspersky Lab has launched a Targeted Cyberattack Logbook.

It does not matter which language the threat “speaks”: Russian, Chinese, Spanish, German, or English. The following list of threats, as reported by GReAT, shows the different languages used in each case:

Russian language: Moonlight Maze, RedOctober, CloudAtlas, Miniduke, CosmicDuke, Epic Turla, Penquin Turla, Turla, Black Energy, Agent.BTZ, Teamspy, Sofacy (a.k.a. Fancy Bear, APT28), CozyDuke
English language: Regin, Equation, Duqu 2.0, Lamberts, ProjectSauron
Chinese language: IceFog, SabPub, Nettraveler, Spring Dragon, Blue Termite
Spanish language: Careto/Mask, El Machete
Korean language: Darkhotel, Kimsuky, Lazarus
French language: Animal Farm
Arabic language: Desert Falcons, Stonedrill and Shamoon

However, the use of these different languages doesn’t permit attribution to any specific country. Language traces cannot be considered reliable evidence because they can be fabricated and deliberately planted in malware code as red herrings for investigators. For this reason, Kaspersky Lab does not attribute threats to individual countries.

Has Kaspersky Lab ever been asked by any government not to detect a threat?

No, it hasn’t. There is no such thing as "right" or "wrong" malware for Kaspersky Lab. Kaspersky Lab has a clear policy concerning the detection of malware: we detect and remediate any malware attack no matter where it comes from.