The Swiss Intelligence Leak: Former NDB Officer Transmitted Classified Information to Russia via Kaspersky

A former Swiss intelligence officer leaked classified NATO and cybersecurity data to Russia via Kaspersky between 2015 and 2020.

A former officer of Switzerland’s Federal Intelligence Service (FIS) is under investigation for having passed classified data to Russian intelligence, including the GRU. Holding a cybersecurity role with broad access rights, he allegedly copied sensitive files without authorization over several years. The Office of the Attorney General confirmed the leaked documents pertained to NATO cooperation, counterterrorism, and internal cybersecurity operations. The suspect reportedly acted alone, driven by ideology rather than financial gain. According to Swiss public broadcaster SRF, the leak occurred between 2015 and 2020 via the Russian cybersecurity company Kaspersky. The firm, whose European HQ is in Zurich, has faced similar accusations in the past. Several countries have restricted or banned the use of its services.

Analysis by Steven MEYER, Co-CEO of ZENDATA Cybersecurity:

Allegations against Kaspersky are nothing new—and as usual, hard evidence is missing. The case is complex, but we no longer recommend their products in Europe. Their tech is good, their engineers excellent, and pricing competitive. But it’s a Russian tool, founded by someone who worked for the Russian government and must comply with Russian laws.

Malware operates stealthily and is hard to detect. EDR cybersecurity solutions, which are replacing traditional antivirus, need full access to machines to detect and stop threats. This breach highlights internal monitoring failures, particularly involving privileged accounts. The suspect’s technical profile enabled long-term undetected data exfiltration. The absence of automated alerts or access reviews exposed the weak detection of insider threats.

This incident goes beyond Switzerland: it reflects a global challenge within intelligence services, balancing operational agility with strict access control.

The case underscores the need for continuous access rights monitoring, especially for technical profiles mixing IT admin roles with access to sensitive data.
