The group behind an international cyber-espionage campaign discovered last month deployed malicious code with links to spying tools previously used by suspected Russian hackers, investigators have said.
Investigators at Moscow-based cybersecurity company Kaspersky said the “backdoor” used to compromise up to 18,000 customers of US software maker SolarWinds closely resembled malware linked to a hacking group known as “Turla,” which Estonian authorities have said operates on behalf of Russia’s FSB security service.
The findings are the first publicly available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most sophisticated cyber operations ever disclosed.
Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.
Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called “Kazuar” that is used by Turla.
The similarities included the way both pieces of malware tried to obscure their functions from security analysts, the way the hackers identified their victims, and the algorithm used to calculate the periods during which the malware lay dormant in an effort to avoid detection.
“One such finding could be dismissed,” Raiu said.
Confidently attributing cyberattacks is very difficult and fraught with potential pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group in an attempt to deflect blame.
Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise, but did show that there was a yet-to-be-determined link between the two hacking tools.
It is possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, that the two tools were bought from the same spyware developer, or that the attackers planted “false flags” to mislead researchers.
Security teams in the United States and other countries are still working to determine the full scope of the SolarWinds hack. Investigators have said it could take months to understand the extent of the compromise and far longer to evict the hackers from victim networks.
US intelligence agencies have said that the hackers were “likely Russian in origin” and targeted a small number of high-profile victims as part of an intelligence-gathering operation.
Initial reporting via Thomson Reuters. Reporting by Jack Stubbs; editing by Chris Sanders and Edward Tobin. Translation from English to other languages via Google Cloud Translation.