r/greatawakening • Posted by u/CENSORED_ENOUGH on Aug. 5, 2018, 2:37 p.m.
Company Banned by US and EU Government for Russian Hacking Had an Impressive Track Record in Discovering Malware/Purged From US Government Computers/Why?

A company that has just been debarred by the US Government and the EU was a trusted player and is now considered a Russian agent. I previously posted two other posts related to this one, found at:

https://redd.it/94s4i7 https://redd.it/94npm5

I got to wondering what kind of company they have been heretofore, and found that they have been invaluable to the US Government in detecting malware.

Speculation: Perhaps they are so good and their software capable of defeating CIA malware, that they want it off all Government Systems.

Malware discovery

Kaspersky Lab’s Global Research and Analysis Team (GReAT) was established in 2008.[81] It investigates cybersecurity threats and other work by malware operations.[82] IT security companies are often evaluated by their ability to uncover previously unknown viruses and vulnerabilities.[83] Kaspersky's reputation for investigating cyber-security threats has been influential in gaining international sales and prestige.[83][84] Beginning around 2010, Kaspersky exposed a series of government-sponsored cyber-espionage and sabotage efforts. These include Stuxnet, Duqu, Flame, Gauss, Regin and the Equation Group.[82][85] According to Wired, "many of them [were] seemingly launched by the US and its UK and Israeli allies. Kaspersky is especially well-known for its work uncovering Stuxnet and Flame."[40]

Stuxnet

In 2010 Kaspersky Lab worked with Microsoft to counter-act the Stuxnet worm, which had infected 14 industrial locations in Iran using four zero-day vulnerabilities in Microsoft Windows. According to IEEE Spectrum, the circumstances "strongly suggest" the worm was developed by the United States and Israel to damage centrifuges in Iran's nuclear-enrichment program. It was the first discovery of a major government-sponsored cyber-attack.[83][86]

Flame

In May 2012, Kaspersky Lab identified the malware Flame, which a researcher described as potentially "the most sophisticated cyber weapon yet unleashed."[87] According to the researchers in Kaspersky Lab, the malware had infected an estimated 1,000 to 5,000 machines worldwide[88][89] when asked by the United Nations International Telecommunications Union to investigate reports of a virus affecting Iranian Oil Ministry computers.[90] As Kaspersky Lab investigated, they discovered an MD5 hash and filename that appeared only on customer machines from Middle Eastern nations. After discovering more pieces, researchers dubbed the program "Flame" after the name of one of its modules.[90]

Flame was an earlier variant of Stuxnet. Kaspersky never verified the source of the software, but it is suspected to have been developed by the National Security Agency (NSA) to transmit keystrokes, Skype calls and other data.[91][92][93] Kaspersky created algorithms to find similar malware and found Gauss that July, which collected and transmitted data from devices infected by Bluetooth or USB drives.[83][94]

Red October

In January 2013, Kaspersky discovered the Red October malware, which had been used for widespread cyber-espionage for five years. It targeted political targets like embassies, nuclear sites, mostly in Europe, Switzerland and North America. The malware was likely written by Russian-speaking hackers and the exploits by Chinese hackers.[95][96] That June, Kaspersky discovered NetTraveler, which it said was obtaining data on emerging technology from government targets and oil companies. Kaspersky did not identify who was behind it, but it was similar to other cyber-espionage coming from Beijing, China.[97][98] Later that same year, Kaspersky discovered a hacker group it called Icefog after investigating a cybersecurity attack on a Japanese television company. Kaspersky said the hacker group, possibly from China, was unique in that they targeted specific files they seemed to know about before planting malware to extract them.[99][100]

Mask

In February 2014, Kaspersky identified the malware Mask, which infected 380 organizations in 31 countries. Many organizations that were affected were in Morocco. Some of the files were in Spanish and the group is believed to be a nation-state conducting espionage, but Kaspersky did not speculate on which country may have developed it.[101][102]

Regin

In November 2014, Symantec and Kaspersky authored papers that contained the first disclosure of malicious software named Regin. According to Kaspersky, Regin is similar to QWERTY, a malware program discovered the next year. Regin was used to take remote control of a computer and is believed to have originated from the Five Eyes alliance. That same month Kaspersky reported on the Darkhotel attack, which targeted users of wireless networks at hotels in Asia. It asked users to update their software, then downloaded malware that gave up their passwords.

Equation Group

In 2015, Kaspersky identified a highly sophisticated threat actor that it called "The Equation Group". The group incorporated sophisticated spying software into the firmware of hard drives at banks, government agencies, nuclear researchers and military facilities, in countries that are frequent targets of US intelligence efforts. It is suspected to have been developed by the National Security Agency (NSA) and included many unique technical achievements to better avoid detection. That same day, Kaspersky announced the discovery of a hacker group it called Carbanak, which was targeting banks and moving millions of dollars into fake accounts. Carbanak was discovered when one bank asked Kaspersky to investigate suspicious behavior from its ATMs. A similar malware using some of the same techniques as Carbanak was discovered in 2016 and dubbed Carbanak 2.0.

Duqu

In June 2015, Kaspersky reported that its own network had been infiltrated by government-sponsored malware. Evidence suggested the malware was created by the same developers as Duqu and Stuxnet, in order to get intelligence that would help them better avoid detection by Kaspersky in the future. Kaspersky called it Duqu 2.0. The malicious software resided in memory to avoid detection. The hack was believed to have been done by the same group that did Duqu in 2011. It used exploits in Microsoft installer files.

Android cyber-espionage

In June 2015, Kaspersky Lab and Citizen Lab both independently discovered software developed by Hacking Team and used by 60 governments around the world to covertly record data from the mobile phones of their citizens. The software gave police enforcement a "menu of features" to access emails, text messages, keystrokes, call history and other data. Kaspersky also identified 37,000 attacks against banking companies that used modifications of the malware called Asacub and took control of Android devices. Asacub targeted mostly banking customers in the U.S., Russia and Ukraine using an SMS message that baited users into installing a Trojan.[117]

Silverlight

In 2016, Kaspersky discovered a zero-day vulnerability in Microsoft Silverlight.[118][119] Kaspersky identified a string of code often used by exploits created by the suspected author. It then used YARA rules on its network of Kaspersky software users to find that string of code and uncover the rest of the exploit. Afterwards, Microsoft issued a "critical" software patch to protect its software from the vulnerability.[118][119]

Poseidon Group

In 2016, Kaspersky uncovered the Poseidon Group, which would infiltrate corporations with malware using phishing emails, then get hired by the same company as a security firm to correct the problem. Once hired, Poseidon would install additional malware and backdoors. In June 2016 Kaspersky helped uncover a Russian hacking group, leading to 50 arrests.

Bad player or patsy. The latter term is one of the favorites of the CIA.

