Researchers Find Links Between Sunburst and Russian Kazuar Malware
Security News, January 2021
Kaspersky's latest analysis of the Sunburst backdoor has revealed a number of shared features between the malware and Kazuar, leading the researchers to consider several possible explanations, including that the groups behind Kazuar and Sunburst obtained the malware from a single source.
Both backdoors impose a long, randomized sleep before talking to their infrastructure: Kazuar randomly selects a sleeping period of between two and four weeks between C2 connections, while Sunburst randomly selects a period of between 12 and 14 days before contacting its server for initial reconnaissance.
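The sleep windows above are the kind of behavioral detail a hunter can check against host telemetry. The script below is an added example written for this page, not Kaspersky's code: it correlates a constructed, hypothetical set of install and first-C2 timestamps per host, computes the dormancy before first contact, and reports which family's reported window (Sunburst 12-14 days, Kazuar 2-4 weeks) the delay falls into. The log format, hostnames and timestamps are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Dormancy windows as reported in the Kaspersky analysis summarized above:
# Kazuar sleeps two to four weeks between C2 connections, Sunburst sleeps
# 12 to 14 days before its first C2 contact. Note that 14 days lies in both.
SLEEP_WINDOWS = {
    "Sunburst": (timedelta(days=12), timedelta(days=14)),
    "Kazuar": (timedelta(weeks=2), timedelta(weeks=4)),
}

# Constructed sample telemetry (hypothetical, not real data):
# "<host> <event> <ISO timestamp>", where event is "install" (backdoored
# component first seen on disk) or "c2" (first outbound contact observed).
SAMPLE_EVENTS = """\
host01 install 2020-03-26T10:00:00
host01 c2 2020-04-08T10:00:00
host02 install 2020-03-01T00:00:00
host02 c2 2020-03-15T00:00:00
host03 install 2020-03-01T00:00:00
host03 c2 2020-03-02T00:00:00
host04 install 2020-03-01T00:00:00
host04 c2 2020-03-25T00:00:00
"""


def parse_events(text):
    """Parse the constructed log format into {host: {"install": [...], "c2": [...]}}."""
    events = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, kind, ts = line.split()
        events.setdefault(host, {"install": [], "c2": []})
        events[host][kind].append(datetime.fromisoformat(ts))
    return events


def first_contact_delay(host_events):
    """Time from the earliest install event to the earliest C2 event, or None."""
    if not host_events["install"] or not host_events["c2"]:
        return None
    return min(host_events["c2"]) - min(host_events["install"])


def matching_families(delay):
    """All families whose reported sleep window contains the delay.

    Returns a sorted list because the windows overlap at exactly 14 days,
    so a delay can be consistent with more than one family (or with none).
    """
    return sorted(name for name, (lo, hi) in SLEEP_WINDOWS.items() if lo <= delay <= hi)


def classify(text):
    """Map each host to (dormancy delay, list of families consistent with it)."""
    results = {}
    for host, host_events in parse_events(text).items():
        delay = first_contact_delay(host_events)
        families = matching_families(delay) if delay is not None else []
        results[host] = (delay, families)
    return results


if __name__ == "__main__":
    for host, (delay, families) in classify(SAMPLE_EVENTS).items():
        label = ", ".join(families) if families else "no reported window"
        print(f"{host}: first contact after {delay}: {label}")
```

In the constructed data host01 (13 days) matches only the Sunburst window, host04 (24 days) only the Kazuar window, host02 (exactly 14 days) matches both, and host03 (one day) matches neither. The overlap is the practical caveat: a dormancy interval alone cannot attribute a sample to one family, which is consistent with Kaspersky's own care in describing the relationship as unresolved.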
"Suspecting the SolarWinds attack might be discovered, the Kazuar code was changed to resemble the Sunburst backdoor as little as possible," the researchers said.
"These code overlaps between Kazuar and Sunburst are interesting and represent the first potential identified link to a previously known malware family," Kaspersky researchers concluded.
"While Kazuar and Sunburst may be related, the nature of this relation is still not clear. Through further analysis, it is possible that evidence confirming one or several of these points might arise. At the same time, it is also possible that the Sunburst developers were really good at their opsec and didn't make any mistakes, with this link being an elaborate false flag."