Kaspersky hit by new below-the-belt sauna spy attack in the Wall Street Journal

Eugene KasperskyA few days ago there was a huge kerfuffle over allegations, published by Bloomberg, that Russian anti-virus company Kaspersky had “close ties to Russian spies”, deliberately didn’t report on malware that could have been sponsored by the Kremlin, and that CEO Eugene Kaspersky regularly visited the sauna with FSB intelligence officers.

They’re pretty serious allegations, but to my mind Bloomberg failed to back them up with evidence. In fact, I would score the fracas as 3-0 in Kaspersky’s favour.

Now, the Wall Street Journal is playing catch-up with its own report into “When Cybersecurity Meets Geopolitics”, naming America’s FireEye, Kaspersky Labs and the Dutch security firm Fox-IT as having close relationships with their national governments.

There doesn’t appear to be any new commentary from Kaspersky Lab in the article, instead it refers to the Bloomberg allegations and quotes from a response posted by Eugene Kaspersky himself.

Sign up to our free newsletter.
Security news, advice, and tips.

But what I found under-the-belt was how the WSJ reported the sauna allegation:

Bloomberg quote

“Bloomberg asserted Kaspersky attends sauna nights with Russian spies and is deeply intertwined with the Kremlin. Kaspersky didn’t deny the sauna gatherings, but argued they weren’t conspiratorial and the presence of spies was coincidental.”


I don’t think that’s accurate. Eugene Kaspersky admitted he goes to the sauna with his Kaspersky Lab workmates, but denied he’s scrubbing the back of the FSB, or having secret assignations with the Kremlin in the hot baths.

Just read his rebuttal of the Bloomberg report.

He said: “It’s not impossible that there might be Russian intelligence officials visiting the same building simultaneously with me, but I don’t know them.”

That’s quite different from what the Wall Street Journal is implying.

It feels like the WSJ is deliberately misrepresenting Kaspersky’s denial to sow the seeds of doubt in conspiracy theorists’ minds.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

7 comments on “Kaspersky hit by new below-the-belt sauna spy attack in the Wall Street Journal”

  1. david L

    Ok Graham,

    Where is YOUR evidence showing that Kaspersky has ever reported on malware coming out of Russia and or their proxies? I read threatpost daily and a multitude of other security blogs,white papers,and other research,and not once can I recall anything by Kaspersky that would cast aspersions on Russia. Can You? I think I will do a little search just to see if any can actually be found.

    1. Graham CluleyGraham Cluley · in reply to david L

      I'm sure Google will help you, but just read my previous article on the topic and you'll find some links:


    2. david L · in reply to david L

      Well,I was right. Kaspersky does not go after Russian malware,but simply reports on it after someone else has discovered and analised it already. Not only that,but he tries to mitigate the Russian connection to any malware. Don't believe me,go read the articles on securelist,and I checked,Arbor Networks first found "Black Energy" then two years later Dell reported on new variations. "Crowdstrike first found "Energetic Bear" and did the write-up on that Russian malware. Not to mention,Russia does nothing to stop hackers,except when they go after other Russians that is. I don't understand why so many people are so quick to jump to the defense of Kaspersky. I mean,didn't anyone actually read the Bloomberg article,because the former employee's said that the security programs could easily be turned against users. Yet Graham and many at "el reg" are having a love fest for Kaspersky,and bashing the US. Have they all forgotten who is their alli. And I have seen this strange attitude about Putin as well. I gota say,it is deeply concerning.

      1. Coyote · in reply to david L

        I'm going to try to make this fairly short even though there's a lot of issues at play (admittedly I probably fail here, likely in multiple ways):

        1. Graham has criticised Kaspersky before. That includes doing so at a time as also explaining how once something is on the Internet it is as good as part of history.
        2. Graham has also criticised the UK and went as far as calling Cameron (you know, the UK PM…) crazy (and he didn't put it lightly [personally I think crazy is the wrong word yet crazy is also nicer]). So it isn't as if he's only bashing the US, the way you word it being as if the US Is the only ally of the UK (which is rather, shall we say, a fairly bold statement).
        3. If the US doesn't want to be bashed, and if Americans don't want to be bashed, then maybe they would do well with giving less reasons to be bashed. Humans are drawn to the negative and the US has a lot of negative in its time as a country. Many Americans have huge attack surfaces here and they do nothing to better that. Every person that has a problem with it has a choice – they could be constructive (which includes defending all sides when relevant as well as criticising – again, constructively – each side when relevant; i.e. remove as much bias as possible). Otherwise they aren't helping matters by complaining about it (in fact it makes it worse – except for those who love drama, doing nothing about a problem except complaining, doesn't result in sympathy but actually the opposite; it adds to the fuel). I'll just make this aside, whether you intend it this way or not, the "Well, I was right" comes across as arrogant (to me and while I admit I am not the best to judge here – to be strictly technical I'm a terrible judge – it has, if nothing else, a dismissive tone). Graham has opinions here (they are very obviously worded as such) and I challenge you to name many people who don't offer opinions (or their interpretation of). This is the same thing I just described.
        4. The west and Russia don't get along and there's equal foul play on both sides. In addition, any corporation that operates in Russia is under Russia's laws. Just like the US corporations are with the US laws. So, the fact that Putin (and his time in power, multiple times even, shows this) is a controlling person only makes this more relevant. Far as I know he even has control of which books are acceptable for their schools. That says a lot at this point.

        .. and yes, the above is riddled with opinions, too. Just like every other view that other people have. Take it in to consideration though, and you have more control in the matter.

  2. Anonymous


  3. Dan

    wasn't there a scandal in the not so recent past where a major US newspaper was willingly censoring itself at the request of the white house?

  4. James W

    FireEye was founded and is still mostly run by a Pakistani-American (Ashar Aziz) and maintains a major office in Pakistan. Not exactly something the American government would approve of.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.