Russian Hackers Targeted NSA Employees Home Computer

New reports today say it was a National Security Agency employee, not a a contractor, whose home machine running Kaspersky Lab antivirus was hacked for classified files.

New reports on the latest
NSA classified data breach revealed yesterday
paint the source of the leak as an actual employee of the spy agency, not a contractor, as was originally reported by
The Wall Street Journal
.
The Washington Post
in its reporting described the NSA employee who loaded classified NSA files onto his home computer that in turn was hacked by Russian cyber spies in 2015, as a Vietnam-born US citizen who had been part of the NSAs famed Tailored Access Operations (TAO) hacking team. The employee, who was removed from his position in 2015, was working on a project to create new TAO tools in the wake of former NSA contractors Edwards Snowdens theft and leak of TAO tools in 2013; the new tools were among the files pilfered by Russian nation-state hackers.
A
New York Times

report
also characterized the targeted man as an NSA employee.
Word of the breach first came yesterday in a
Wall Street Journal
report, which said the hack of classified cyberattack and defense tools occurred via Kaspersky Lab antivirus software on the NSA employees home computer, where the AV flagged the NSA cyberspying tools and code. The breach wasnt detected until the spring of 2016, and wasnt known publicly until
the WSJ report
.
Security experts say the reports raise more questions than answers about how the attack actually occurred. Matthieu Suiche, founder of Comae Technologies and an expert on the mysterious Shadow Brokers group, points out that it apparently took the NSA six months to discover the incident.
Suiche told Dark Reading that its hard to say if theres a connection to the NSA exploits held and leaked by Shadow Brokers. He says hes unclear how investigators tied the NSA data leak to the Kaspersky Lab software specifically, and whether the attacker had an exploit for the AV software.
It can be a man-in-the-middle or even vulnerability itself used to steal the files, he notes.
Read the Posts latest on the breach
here
.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity
agenda here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Russian Hackers Targeted NSA Employees Home Computer