Germany’s computer and communication security agency is advising users of Kaspersky’s antivirus software to find alternatives to the Russia-based company’s products.
BSI, did not accuse Kaspersky of any specific violations of customers’ trust, but it referred to Russia’s hostility toward the European Union, NATO and Germany itself as the invasion of Ukraine continues.
“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers,” the BSI said, according to a translation of the statement.
Kaspersky has always said that it operates separately from Russia’s government, and company founder Eugene Kaspersky maintained an air of neutrality about the Ukraine invasion in a tweet in early March. The German warning, however, echoes the concerns that led the U.S. government to ban Kaspersky products from federal agencies in 2017.
Kaspersky responded with a statement saying that “the continued implementation of concrete measures to demonstrate our enduring commitment to integrity and trustworthiness to our customers” is its top concern.
The company said in 2020 that it had moved all its data-processing from Russia to Switzerland. Since then, “malicious and suspicious files voluntarily shared by users of Kaspersky products in Germany are processed in two data centers in Zurich that provide world-class facilities, in compliance with industry standards, to ensure the highest levels of security,” Kaspersky said.
The company also has opened “transparency centers” in Canada, Europe and elsewhere, for customers to review its code. Its reputation for cyberthreat research remains strong, and it employs analysts from countries far beyond Russia.