Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor. Kazuar is a malware written using the .NET framework that was first reported by Palo Alto in 2017 (though its development goes back to 2015). It has been spotted as part of cyberespionage attacks across the globe, according to Kaspersky. Researchers there said it has been consistently used together with known Turla tools during multiple breaches in the past three years. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky.