SolarWinds hackers linked to known Russian spying tools, investigators say

The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday. Investigators at Moscow-based cybersecurity firm Kaspersky said the "backdoor" used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as "Turla," which Estonian authorities have said operates on behalf of Russia's FSB security service.

Reuters | Washington DC | Updated: 11-01-2021 15:54 IST | Created: 11-01-2021 15:30 IST
SolarWinds hackers linked to known Russian spying tools, investigators say
Representative Image Image Credit: ANI

The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.

Investigators at Moscow-based cybersecurity firm Kaspersky said the "backdoor" used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as "Turla," which Estonian authorities have said operates on behalf of Russia's FSB security service. The findings are the first publicly-available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber operations ever disclosed.

Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment. Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called "Kazuar" which is used by Turla.

The similarities included the way both pieces of malware attempted to obscure their functions from security analysts, how the hackers identified their victims, and the formula used to calculate periods when the viruses lay dormant in an effort to avoid detection. "One such finding could be dismissed," Raiu said. "Two things definitely make me raise an eyebrow. Three is more than a coincidence."

Confidently attributing cyberattacks is extremely difficult and strewn with possible pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group to try and deflect the blame. Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise, but did show there was a yet-to-be determined connection between the two hacking tools.

It's possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, both tools were purchased from the same spyware developer, or even that the attackers planted "false flags" to mislead investigators. Security teams in the United States and other countries are still working to determine the full scope of the SolarWinds hack. Investigators have said it could take months to understand the extent of the compromise and even longer to evict the hackers from victim networks.

U.S. intelligence agencies have said the hackers were "likely Russian in origin" and targeted a small number of high-profile victims as part of an intelligence-gathering operation.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)


TRENDING

OPINION / BLOG / INTERVIEW

Addressing conflict-related sexual violence at long last

... ...

Why unequal access to coronavirus vaccines is a threat to us all

... ...

India’s love affair with fossil fuels: the path to sustainable development?

... ...

Videos

Latest News

Capitol Police chief appeals for National Guard to stay

Worried about continuing threats, the acting chief of the US Capitol Police has appealed to congressional leaders to use their influence to keep National Guard troops at the Capitol, two months after the law enforcement breakdowns of the de...

WEG taps Nokia DAC 5G SA platform for Industry 4.0 project

WEG Brazil has tapped Nokia for the Open Lab WEGV2COM project to accelerate the development of Industry 4.0 solutions using 5G technology, the Finnish telecom giant announced on Thursday.Commenting on the partnership, Marcelo Entreconti, He...

Aanand L Rai to venture into Marathi cinema with Paresh Mokashi's next film

Filmmaker Aanand L Rai on Friday announced his foray into Marathi cinema with AatmaPamphlet.Rai, who has directed and produced films like Tanu Weds Manu, Raanjhanaa, Shubh Mangal Saavdhan, has joined hands with filmmaker Paresh Mokashi of H...

Looking forward to scouting new players from IWL: Maymol Rocky

Womens football action in India is all set to get underway at the national level as the Indian Womens League IWL is set to start. The 2020-21 edition will take place in Odisha. Indian womens national team head coach Maymol Rocky expressed h...

Give Feedback