The SolarWinds Hackers Shared Tricks With a Russian Spy Group

Ever since the December revelation that hackers breached the IT-management software firm SolarWinds, along with an untold number of its customers, Russia has been the prime suspect. But even as US officials have pinned the attack on the Kremlin with varying degrees of certainty, no technical evidence has been published to support those findings. Now the Russian cybersecurity firm Kaspersky has revealed the first verifiable clues—three of them, in fact—that appear to link the SolarWinds hackers to a known Russian cyberespionage group.

On Monday morning Kaspersky published new evidence of technical similarities between malware used by the mysterious SolarWinds hackers, known by security-industry names including UNC2452 and Dark Halo, and the well-known hacker group Turla, believed to be Russian in origin and also known by the names Venomous Bear and Snake. The group is widely suspected to work on behalf of the FSB, Russia's successor to the KGB, and has carried out decades of espionage-focused hacking. Kaspersky's researchers made clear that they're not claiming UNC2452 is Turla; in fact, they have reason to believe the SolarWinds hackers and Turla aren't one and the same. But they say their findings suggest that one hacker group at the very least "inspired" the other, and that the two may share members or a common software developer building their malware.

Kaspersky's researchers found three similarities in a UNC2452 backdoor program known as SunBurst and a five-year-old piece of Turla malware known as Kazuar, which was