Hackers breached the IT systems of US government agencies using tools used by the Russian cybercriminal group Turla, according to a study by Kaspersky Lab. The Estonian Foreign Intelligence Service believes that the members of this group work for the FSB of the Russian Federation.
Analysts at Kaspersky Lab compared the Sunburst hacking tool used during this attack with the well-known Kazuar tool used by the Turla hacking group, which many experts associate with Russia, and found similarities in their code.
The tools used to make both malicious programs invisible turned out to be similar, as did the methods for detecting potential victims. The formulas the attackers used to calculate how long the malware stayed in “sleep” mode in order to avoid detection were almost identical.
“One such conclusion could be rejected. Two coincidences make me raise an eyebrow. Three is more than a coincidence,” said one of the study’s authors, Costin Raiu.
The cyberattack, dubbed Sunburst, became known in late December. The malicious code was hidden in software updates from the IT company SolarWinds. According to reports, the attack lasted several months and became the longest and largest in US history.