Russian cybersecurity company Kaspersky is reportedly closing its office in the UK and laying off employees. The decision comes just three months after the company began winding down its operations in the US, according to information shared with TechCrunch.
Kaspersky spokesperson Francesco Tius stated in an email to the publication that the company will initiate the process of closing its UK office while shifting its business focus in the country to its partner network.
“This step will enable our company to harness available business opportunities in the UK market in a more efficient manner, strengthening overall business prosperity,” wrote Tius. “Our customers and partners in the UK will maintain full access to the company’s European team and its strong and well-established partner network, through which we will continue distributing Kaspersky’s industry-leading cybersecurity products and services.”
Kaspersky UK exit follows US departure
Tius further clarified that the cybersecurity company’s London office employs fewer than 50 staff members.
This new move is the latest development in a series of operational changes for Kaspersky. For several years, the company has faced allegations regarding its relationship with the Russian government – namely, that surveillance laws passed by the latter effectively force the antivirus provider to share telemetry data with the country’s intelligence services (Kaspersky has repeatedly denied these claims.)
In June, the US government imposed a sales ban on Kaspersky products within its domestic market, leading to the company’s decision to close its offices in the country and lay off staff. The closure occurred after Kaspersky was added to the US government’s Entity List, which includes foreign entities deemed to pose risks to national security.
As a result of the ban, Kaspersky exited the US market entirely and transferred its customer base to a new antivirus firm, UltraAV. Some users noted that Kaspersky software was automatically removed from their systems and replaced with UltraAV without prior consent.
In response, Kaspersky explained that customers had been adequately informed about the transition, even though no explicit approval was sought for the replacement of the software.
Kaspersky discover new APT
In a separate announcement, Kaspersky revealed that its security researchers have detected a new wave of Advanced Persistent Threat (APT) attacks carried out by the group Awaken Likho, aimed at government and industrial entities in Russia. The threat group, which remains operational, has modified its tactics to increase the success rate of its attacks while evading detection by cybersecurity measures.
In this latest attack campaign, the group has shifted its focus to exploiting MeshCentral, a free, web-based platform used for remote control of computer systems. This represents a significant change from its previous strategy, where the group relied on UltraVNC agents to gain access to systems.
Awaken Likho, also known by the alias Core Werewolf, has been active since at least 2021, with a marked increase in operations following the escalation of the Russo-Ukraine conflict.
Kaspersky’s investigation into the group’s activities uncovered a new malicious campaign that commenced in June 2024 and persisted through at least August. This campaign was primarily aimed at cyberespionage and gaining control over devices, specifically targeting Russian government departments, industrial sectors, and their related contractors.