During Russia’s continuing war in Ukraine, the German Federal Office for Information Security (BSI) urged enterprises not to use Kaspersky antivirus software, citing concerns that it could be used for cyber-espionage or to conduct cyberattacks.
While the office does not explicitly prohibit the use of Kaspersky software, it does advise German companies to replace it with alternative software from non-Russian vendors, warning that Russia’s military and intelligence activities in Ukraine, as well as its threats against Europe, NATO, and Germany, mean there is a “considerable risk of a successful IT attack.”
“An IT manufacturer can hold out military actions in contradiction of its consumers, be compelled to strike target systems against its will, be surveilled as a victim of a cyber operating condition without its understanding, or be used as a tool for attacks against its customers,” the BSI said in a statement, explaining that antivirus software like Kaspersky’s has deep system access and must maintain a permanent, encrypted, and non-verifiable connection to the manufacturer’s servers. The announcement states, “Organisations and authorities with unique security interests, as well as operators of essential infrastructures.”
While consumers are likely to be the “last targeted” in the case of a successful attack, they may suffer “collateral” harm or spillover effects, according to the BSI.
This warning, which the BSI says is “only intended to raise awareness of possible threats,” has already prompted German organisations to cut ties with Kaspersky, including Germany’s Eintracht Frankfurt soccer club. In a press statement, club spokesperson Axel Hellmann said, “We have told Kaspersky management that we are cancelling the sponsorship deal effective immediately.” “We are disappointed by the development.”
Although it did not specifically reference Kaspersky, Italy’s Computer Security Incident Response Team (CSIRT) has also asked firms to risk-assess technologies offered by Russian corporations or companies with ties to Russia.
According to Kaspersky, the BSI’s decision is based on political considerations rather than a technical review of its products.
Kaspersky representative Francesco Tius told TechCrunch, “We will continue to reassure our partners and consumers about the quality and integrity of our products.” “We will work with the BSI to obtain an explanation for its decision and to find answers to the BSI’s and other regulators’ concerns.” The company claimed, “Kaspersky is a private worldwide cybersecurity organisation with no affiliations to the Russian or any other government.”
The declaration comes after similar remarks from the company’s CEO, Eugene Kaspersky, who earlier this month tweeted that he welcomed “compromise” conversations, eliciting heated replies. A recently enacted rule in Russia prohibits media from referring to the Kremlin’s military campaign in Ukraine as “war” or “invasion,” although it is unclear if this regulation applies to corporations established in Russia.
Kaspersky’s links to Russia have long been known, and they have long been a subject of contention. The Trump administration prohibited federal agencies from using Kaspersky software in 2017, citing worries about the company’s suspected ties to the Russian government. The European Parliament approved a resolution the following year classifying the security firm’s software as “malicious” due to the company’s alleged ties to Russian intelligence.