
The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group


SOURCE: https://www.wired.com/story/solarwinds-russia-hackers-turla-malware/
Summary

Now Russian cybersecurity firm Kaspersky has revealed the first verifiable clues—three of them, in fact—that appear to link the SolarWinds hackers and a known Russian cyberespionage group.

On Monday morning Kaspersky published new evidence of technical similarities between malware used by the mysterious SolarWinds hackers, known by security industry names including UNC2452 and Dark Halo, and the well-known hacker group Turla, believed to be Russian in origin and also known by the names Venomous Bear and Snake. But they say their findings suggest that one hacker group at the very least "inspired" the other, and they may have common members between them or a shared software developer building their malware.

Kaspersky's researchers found three similarities in a UNC2452 backdoor program known as SunBurst and a five-year-old piece of Turla malware known as Kazuar, which was first discovered by security researchers at Palo Alto Networks in 2017. "This is confirming the attribution to at least Russian intelligence," Alperovitch says.

But while Alperovitch notes that Turla is widely understood to be an FSB hacking group, he argues that Kaspersky's clues don't provide enough evidence to say the SolarWinds attack was carried out by the FSB. And since the 2008 Agent.btz worm, he points out, there's no evidence that Turla has spied on any US targets, whereas the SolarWinds hack has already been confirmed to have breached more than half a dozen US federal agencies.

Kaspersky's evidence isn't quite a "smoking gun" tying the SolarWinds hack directly to any known group, says Joe Slowik, a security researcher at DomainTools.

As said here by Wired