In a post titled "‘Twas the night before", which reworked some of what it said had been in a private report sent out much earlier, the company wrote, "it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source.
"Accordingly, subscribers to our private APT intelligence reports receive unique and extraordinary data on the significant activity and campaigns of over 100 APTs from all over the world."
The post in question was about an APT that appeared to be of Iranian origin, targeting Saudi Arabia, and was made in light of the US Cyber Command uploading some malware samples to the VirusTotal database.
This came in the wake of numerous exposures by Kaspersky of what was said to be American malware. In 2014, the company's researchers exposed an attack by Britain's GCHQ and the CIA on a Belgian telecommunications provider. (The malware used for this attack surfaced again this year.)
The following year, Kaspersky revealed the doings of an entity it called the Equation Group; this group has been, for years, known to be an arm of the NSA.
Kaspersky has also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear program. Stuxnet was discovered by Sergey Ulasen in 2010; he joined Kaspersky Lab a year later. The virus was introduced into Iran's nuclear labs through a USB drive, as the lab was not connected to any external network.
The last time Kaspersky openly outed a US operation was in 2018, when it revealed details of malware known as Slingshot during its annual Security Analyst Summit in Cancun. Slingshot, which was used to gain access to Windows systems through routers, was later revealed as a US military program run by the Joint Special Operations Command, a part of the Special Operations Command.
It was said to be used by US military and intelligence personnel to collect information about terrorists.
iTWire has contacted Kaspersky for comment.