Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers.

“That’s a Russian intelligence operation,” a former senior intelligence official, who requested anonymity to speak bluntly, told Yahoo Finance. “They’ve gotten a lot noisier than they used to be.”

‘A very high level of confidence’

In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.)

And last week the Wall Street Journal reported that U.S. investigators “now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored.”

Members of the computer security industry agree with that suspicion.

“I think there’s a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky … and it’s very much attributable,” David Kennedy, CEO of TrustedSec, told Yahoo Finance. “Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it’s legitimate.”

Dave Aitel, CEO of offensive-minded cybersecurity firm Immunity, previously explained that there is no “magical way where you can both show the evidence and protect sources and methods.”

After initial reports about the alleged Russian espionage through Kaspersky, the New York Times reported that Israeli officials monitored Russian government hackers as they scanned computers running Kaspersky software to find classified U.S. documents.

Aitel noted that “the Israelis have screenshots and keylogger dumps of this activity happening. To me that says they were watching it in real time. And they know exactly who was at the desk because if they have a keylogger, they know who’s logged in. They know a lot about the people involved, so we haven’t seen all of the information that the Israelis have.”

The Moscow headquarters of the Russian cybersecurity company Kaspersky Lab. (Photo by Sergei Savostyanov/Tass via Getty Images)

The public linking by U.S. officials of the alleged espionage-via-Kaspersky to the Shadow Brokers leaks, which the Times described as “one of the worst security debacles ever to befall American intelligence,” would intensify the scandal.

Kennedy reiterated that “the general feeling across the security industry … is that the Shadow Brokers dump was very much so related to information obtained through Kaspersky.”

Kaspersky, which reaches 400 million users worldwide, has repeatedly denied the allegations.

“Unverified opinions about Kaspersky Lab continue to be shared, and should be taken as nothing more than unsubstantiated allegations against a company whose mission has always been to protect against malware regardless of its source, and which has repeatedly extended an offering to help alleviate any substantiated concerns,” Kaspersky Lab stated to Yahoo Finance. “We have never helped and will never help any government with its cyberespionage efforts, and we have no ties with Shadow Brokers or any other cyber-threat actor. We are committed to demonstrating our trustworthiness with our Global Transparency Initiative.”
