Kaspersky Lab autopsies evidence on SolarWinds hack
2021-01-12 06:56

Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia's FSB security service.

Referring to the hidden backdoor secretly implanted in SolarWinds' Orion product, Kaspersky's Georgy Kucherin wrote in a blog post on Monday: "While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar."

Kaspersky, itself a Russian company, linked that Kazuar remote-access hole with previous research by Palo Alto Networks which attributed it to the Russian state-sponsored Turla crew, who were last spotted targeting the Armenian government and Austria's Foreign Office.

Palo Alto's Unit 42 research division published its findings on Turla last summer, stating: "We suspect the Kazuar tool may be linked to the Turla threat actor group, who have been reported to have compromised embassies, defense contractors, educational institutions, and research organizations across the globe."

Taken together, these two snippets suggest an even stronger link between the Russian state and the hackers who successfully compromised SolarWinds.

The SolarWinds compromise came to public attention in December 2020 after infosec behemoth FireEye, a SolarWinds customer, admitted its systems were unlawfully accessed in "a state-sponsored attack."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/12/solarwinds_russia_kaspersky/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 100 74 36 243
Kaspersky 27 9 40 5 4 58