
February 24, 2025

Australian government bans Kaspersky software


Australia has recently joined the growing list of countries that have banned Kaspersky security software from their government networks.

The Aussie government made the decision after conducting a threat and risk analysis that ultimately concluded that the software posed an ‘unacceptable security risk to Australian Government networks and data, arising from threats of foreign interference, espionage and sabotage’. The ban was also intended to motivate Australian critical infrastructure providers and personal users of Kaspersky products to reconsider their use due to the security risks associated with the software.


Kaspersky products and services must be uninstalled from government systems and devices by April 1, 2025. However, an exemption can be sought for users who have a legitimate business reason for using the software.

Source: The Hacker News

Analysis

Western nations, including the U.S., Canada, and several European countries, previously banned or restricted Kaspersky software citing national security concerns. This is part of a broader trend where countries limit the use of foreign technology linked to adversarial governments (e.g., Huawei bans over alleged ties to the Chinese government).

The primary reason Kaspersky software has been banned is its potential ties to the Russian government, raising fears that its software could be used for espionage or cyberattacks. These concerns intensified after Russia passed the System for Operative Investigative Activities (SORM) law that required Russian telecommunication companies and internet service providers (ISPs) to install equipment that allows Russian intelligence agencies, primarily the Federal Security Service (FSB), to intercept, monitor, and store communications data without requiring a court order.

There is also a concern that Kaspersky’s antivirus software, which requires deep access to system files, could be used to collect sensitive data or facilitate cyber intrusions. For example, in 2015, a U.S. National Security Agency (NSA) contractor improperly stored classified hacking tools on his personal computer, which had Kaspersky antivirus installed. The software allegedly detected the tools as potential malware and subsequently uploaded them to Kaspersky’s servers as part of its routine malware scanning. U.S. officials suspected that Russian intelligence may have accessed the files after they were uploaded, raising concerns that Kaspersky’s software could be exploited for espionage. Although Kaspersky claimed it deleted the files upon realizing their nature, the incident led to fears of potential Russian government influence over the company, prompting the U.S. and other Western nations to ban its products from government systems.

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for emerging threats emanating from legitimate software that could potentially be used for malicious purposes. Field Effect MDR users are automatically notified if activity associated with this type of threat is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

For Non-Government Organizations (NGOs), businesses, and individuals who prioritize strong cybersecurity, transitioning away from Kaspersky to an alternative security provider is a practical risk-management decision given ongoing concerns about its potential exposure to Russian state influence.
