In a brave move, Russian firm fingers its own govt as one possible source of cyber badness
Gareth Corfield Tue 12 Jan 2021 // 06:56 UTC
Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia’s FSB security service.
Referring to the hidden backdoor secretly implanted in SolarWinds' Orion product, Kaspersky’s Georgy Kucherin wrote in a blog post on Monday: “While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar.”
Kaspersky, itself a Russian company, linked that Kazuar remote-access hole (a .NET nasty) with previous research by Palo Alto Networks which attributed it to the Russian state-sponsored Turla crew, who were last spotted targeting the Armenian government and Austria’s Foreign Office.
Maker of developer tools says it played no role in the attack, hasn't heard from investigators
The SolarWinds security breach disclosed last month, which US authorities believe was of Russian origin and led to the compromise of at least 18,000 organizations, may have been enabled in part by software from JetBrains.
The company, founded by Russian software developers and based in the Czech Republic, makes software development tools. One of these, build management and continuous integration system TeamCity, is used by SolarWinds as part of its application build process.
The New York Times on Wednesday reported that unidentified sources familiar with the SolarWinds investigation say investigators are looking into whether JetBrains software was involved. Separately, Reuters said the FBI is scrutinizing TeamCity to see whether the software played a role in the compromise of the SolarWinds build system.