The SolarWinds’ Orion breach, which is believed to have affected 18,000 organizations, led to follow-on attacks on government agencies and others.
Although the agencies did not name the hacking group responsible, The Washington Post and other news media outlets have reported that the threat actor is likely a Russian APT known as APT29 or Cozy Bear. Russia has denied playing any role the attack (see:
Dormancy Issue
Kaspersky researchers say they found three overlaps between Sunburst and Kazuar. That includes the sleeping algorithm that calculates the time between when the backdoors are planted within a network and when they connect to the attackers command-and-control server.