Tuesday, 12 January 2021 11:20

Kaspersky: old malware and SolarWinds attack code similar, but don't leap to conclusions Featured

0
Shares
By
Pixabay

Russian security firm Kaspersky says it has found some similarities in the methods used by the SUNBURST malware, that was used in a supply chain attack on a number of US firms disclosed in December, and long-time attacker, the Turla Group.

But in a blog post, the company also cautioned that these findings needed to be taken with a grain of salt and not to indicate that the two groups were related, as there could be many reasons why these similarities existed.

The supply chain attack came to light when FireEye announced on 9 December AEDT that it had been compromised and had its Red Team tools stolen.

Five days later, the firm about attacks using malware which it called SUNBURST; it said this malware had been used to hit both private and public entities, by corrupting the Orion network management software, a product of SolarWinds.

The post, authored by Georgy Kucherin, Igor Kuznetsov and Costin Raiu, said the victim UID generation algorithm, the sleeping algorithm — which governed the time between the malware gaining access and its activation — and the extensive usage of the FNV-1a hash were the similarities they had observed between a previously identified backdoor known as Kazuar, and SUNBURST.

"We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about Kazuar and the origin of Sunburst, the malware used in the SolarWinds breach," the Kaspersky trio wrote.

"If we consider past experience, looking back to the WannaCry attack, in the early days, there were very few facts linking them to the Lazarus group. In time, more evidence appeared and allowed us, and others, to link them together with high confidence. Further research on this topic can be crucial in connecting the dots."

Kucherin, Kuznetsov and Raiu said the following reasons could account for the similarities between SUNBURST and Kazuar:


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Published in Security
Tagged under
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Latest from Sam Varghese

Related items

More in this category: « NSW Health among users of compromised network management tool
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top