Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter.
The employee had taken classified material home to work on his computer, and his use of Kaspersky Lab antivirus software enabled Russian hackers to see his files, the individuals said. The case, which dates to 2015 and has not been made public, remains under investigation by federal prosecutors.
The NSA declined to comment on the breach.
The employee involved was a Vietnamese national who had worked at Tailored Access Operations, the elite hacking division of the NSA that develops tools to penetrate computers overseas to gather foreign intelligence, said the individuals. He was removed from the job in 2015, but was not thought to have taken the materials for malicious purposes such as handing them to a foreign spy agency, they said.
The theft of the material enabled the Russian government to more easily detect and evade U.S. government cyberespionage operations, thwart defensive measures and track U.S. activities, the individuals said.