The Swiss Intelligence Leak: Former NDB Officer Transmitted Classified Information to Russia via Kaspersky

A former Swiss Intelligence officer leaked classified NATO and cybersecurity data to Russia via Kaspersky between 2015 and 2020.

A former officer of Switzerland’s Federal Intelligence Service (FIS) is under investigation for having passed classified data to Russian intelligence, including the GRU. Holding a cybersecurity role with broad access rights, he allegedly copied sensitive files without authorization over several years. The Office of the Attorney General confirmed the leaked documents pertained to NATO cooperation, counterterrorism, and internal cybersecurity operations. The suspect reportedly acted alone, driven by ideology rather than financial gain. According to Swiss public broadcaster SRF, the leak occurred between 2015 and 2020 via the Russian cybersecurity company Kaspersky. The firm, whose European HQ is in Zurich, has faced similar accusations in the past. Several countries have restricted or banned the use of its services.

Analysis by Steven MEYER, Co-CEO of ZENDATA Cybersecurity:

Allegations against Kaspersky are nothing new—and as usual, hard evidence is missing. The case is complex, but we no longer recommend their products in Europe. Their tech is good, their engineers excellent, and pricing competitive. But it’s a Russian tool, founded by someone who worked for the Russian government and must comply with Russian laws.

Malware operates stealthily and is hard to detect. EDR cybersecurity solutions, which are replacing traditional antivirus, need full access to machines to detect and stop threats. This breach highlights internal monitoring failures, particularly involving privileged accounts. The suspect’s technical profile enabled long-term undetected data exfiltration. The absence of automated alerts or access reviews exposed the weak detection of insider threats.

This incident goes beyond Switzerland: it reflects a global challenge within intelligence services, balancing operational agility with strict access control.

The case underscores the need for continuous access rights monitoring, especially for technical profiles mixing IT admin roles with access to sensitive data.
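The two monitoring gaps named in the analysis above (no automated alerts on bulk access, no periodic access reviews for technical accounts that combine IT-admin rights with access to sensitive data) can be checked mechanically. The following is an added example, not code from the article or from ZENDATA; it assumes a simplified audit-log and entitlement format and runs over constructed sample data.

```python
# Added example: two insider-threat checks over constructed audit data.
# Account names, roles, dates and counts are constructed, not from the case.
from datetime import date
from statistics import median

# Constructed file-access audit events: (day, user, role, classification, files_read)
AUDIT_LOG = [
    ("2020-03-01", "analyst1", "analyst", "SECRET", 12),
    ("2020-03-01", "analyst2", "analyst", "SECRET", 9),
    ("2020-03-01", "secadmin", "it-admin", "SECRET", 10),
    ("2020-03-02", "analyst1", "analyst", "SECRET", 11),
    ("2020-03-02", "analyst2", "analyst", "SECRET", 8),
    ("2020-03-02", "secadmin", "it-admin", "SECRET", 240),
    ("2020-03-03", "secadmin", "it-admin", "SECRET", 310),
]

# Constructed entitlement records: user -> (roles, date of last access review)
ENTITLEMENTS = {
    "analyst1": ({"analyst", "secret-reader"}, "2020-01-15"),
    "analyst2": ({"analyst", "secret-reader"}, "2020-01-15"),
    "secadmin": ({"it-admin", "secret-reader"}, "2016-06-01"),
}


def stale_privileged_access(entitlements, today, max_age_days=90):
    """Return users holding an IT-admin role together with sensitive-data
    access whose last access review is older than max_age_days."""
    now = date.fromisoformat(today)
    flagged = []
    for user, (roles, last_review) in entitlements.items():
        mixed = {"it-admin", "secret-reader"} <= roles
        age = (now - date.fromisoformat(last_review)).days
        if mixed and age > max_age_days:
            flagged.append(user)
    return sorted(flagged)


def volume_anomalies(log, classification="SECRET", multiplier=5):
    """Return (day, user, count) triples where a user's daily reads of the
    given classification exceed `multiplier` times the peer-group median.
    The baseline is taken across all users, not the user's own history,
    because a long-running insider's own history is already abnormal."""
    reads = [(d, u, n) for d, u, _r, c, n in log if c == classification]
    if not reads:
        return []
    baseline = median(n for _, _, n in reads)
    return sorted((d, u, n) for d, u, n in reads if n > multiplier * baseline)
```

Both checks are deliberately simple thresholds; in practice the review age and the volume multiplier would be tuned per role, and the alerts routed to a queue that someone other than the account holder reviews.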
