Researchers at the cybersecurity company Kaspersky said today, Monday, that the SolarWinds hackers responsible for the global espionage campaign discovered last month against the American software company are associated with well-known Russian spying tools.
The cybersecurity firm explained that the backdoor that SolarWinds hackers used to penetrate up to 18,000 SolarWinds customers was very similar to the malware associated with the hacking group known as Turla.
Estonian authorities have said that the hacking group known as Turla works on behalf of the Russian Security Service (FSB).
These findings represent the first publicly available evidence to support US assertions that it was Russia that orchestrated the hack, which endangered a host of sensitive federal agencies and is among the most ambitious cyber operations ever revealed.
There are three distinct similarities between the backdoor used by the SolarWinds hackers and the hacking tool Kazuar used by Turla, said Costin Raiu, head of Kaspersky's global research and analysis division.
The similarities included the way the malware attempted to hide its functions from security analysts, how the hackers identified their victims, and the formula used to calculate the periods when the malware was inactive in an effort to avoid detection.
Documented attribution of cyber attacks is very difficult. When Russian hackers disrupted the opening ceremony of the Winter Olympics in 2018, they deliberately imitated a North Korean group to try to deflect blame.
The digital clues his team uncovered did not directly point to Turla in the SolarWinds hack, but they did show an unidentified connection between the two hacking tools, Raiu said.
He explained that it was possible that the software was deployed by the same group, but also that Kazuar inspired the SolarWinds hackers, that both tools were purchased from the same spyware developer, or that the attackers planted false flags to mislead investigators.
Security teams in the United States and other countries are still working to determine the full extent of the SolarWinds intrusion.
Investigators said it could take months to understand the extent of the breach and remove the hackers from the victims' networks.
US intelligence agencies said the SolarWinds hackers are likely to be of Russian origin and have targeted a small number of high-profile victims as part of an intelligence-gathering effort.