Researchers Find Links Between Sunburst and Russian Kazuar Malware
2021-01-11 20:36

Kaspersky's latest analysis of the Sunburst backdoor has revealed a number of shared features between the malware and Kazuar, leading the researchers to suspect that -.

The groups behind Kazuar and Sunburst obtained the malware from a single source.

While Kazuar randomly selects a sleeping period between two and four weeks between C2 connections, Sunburst randomly opts for a sleeping period between 12 and 14 days before contacting the server for initial reconnaissance.

"Suspecting the SolarWinds attack might be discovered, the Kazuar code was changed to resemble the Sunburst backdoor as little as possible," the researchers said.

"These code overlaps between Kazuar and Sunburst are interesting and represent the first potential identified link to a previously known malware family," Kaspersky researchers concluded.

"While Kazuar and Sunburst may be related, the nature of this relation is still not clear. Through further analysis, it is possible that evidence confirming one or several of these points might arise. At the same time, it is also possible that the Sunburst developers were really good at their opsec and didn't make any mistakes, with this link being an elaborate false flag."
News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/svCQ65KUMLQ/researchers-find-links-between-sunburst.html