Otto
A Kaspersky Lab study claims that the malware used by attackers during a cyberattack on US government agencies in December is similar to tools that are linked to Russian hackers.
Hackers broke into the IT systems of US government agencies using tools used by the Russian cybercrime group Turla. This is stated in a study by Kaspersky Lab. The Estonian Foreign Intelligence Service believes that members of this group work for the FSB of the Russian Federation.
Kaspersky Lab analysts compared the Sunburst hacking tool used during this attack with the already well-known Kazuar tool used by the Turla hacking group, which many experts associate with Russia, and found similarities in their code.
Similar tools were used to make both parts of the Sunburst malware invisible, as well as methods for detecting potential victims. Almost identical were the formulas used by attackers to calculate the time when viruses were in "sleep" mode in order to avoid detection.
"One such conclusion could be rejected. Two coincidences make me raise an eyebrow. Three is more than a coincidence," said Costin Raiu, one of the study's authors.
The cyberattack, dubbed Sunburst, became known at the end of December. The malicious code was hidden in software updates of the IT company SolarWinds. According to reports, the attack lasted several months and was the longest and largest in the history of the United States.