SolarWinds hackers are associated with well-known Russian spy gadgets |
Researchers at cybersecurity firm Kaspersky said on Monday that hacker SolarWinds, who was responsible for the global espionage campaign against US software makers last month, is linked to a known Russian spy tool.
The cybersecurity company reported that the backdoor that SolarWinds hackers use to infiltrate up to 18,000 SolarWinds customers is a lot like malware from a group of hackers called Turla.
Estonian authorities said: A pirate group called Turla works for the Russian Security Service (FSB).
These findings support the U.S. claim that this is the first publicly available evidence that Russia planned this hacking attack that threatened several sensitive federal agencies and was one of the world's most ambitious cyber operations. Date.
Kaspersky's head of global research and analysis (Costin Raiu) said the backdoor used by the SolarWinds hackers has three clear similarities to the Kazuar hack tool that Turla uses.
Similarities include how malware tries to hide its functionality from security analysts, how hackers recognize a victim, and how it calculates how long the virus has been dormant to avoid detection.
It is extremely difficult to reliably attribute a cyberattack, as when Russian hackers sabotaged the opening ceremony of the 2018 Winter Olympics, they intentionally impersonated a North Korean organization to evade their responsibility.
According to Rayo, the digital clues his team found did not directly point to Turla's interference with SolarWinds, but it did reveal an unknown link between the two hacking tools.
He stated that the software may have been provided by the same team, but Kazwar inspired the SolarWinds hackers and both tools were purchased from the same spyware developer. .
Security teams in the United States and other countries are still working to determine the full extent of the SolarWinds penetration.
Investigators said it could take several months to determine the severity of the vulnerability and remove the intruder from the victim's network.
CIA said, "The SolarWinds hackers are most likely Russians. In the process of gathering information, they have been directed against some prominent victims."