SolarWinds malware has “curious” ties to Russian-speaking hackers
The malware used to hack Microsoft, security company FireEye, and at least a half-dozen federal agencies has “interesting similarities” to malicious software that has been circulating since at least 2015, researchers said on Monday.
Sunburst is the name security researchers have given to malware that infected about 18,000 organizations when they installed a malicious update for Orion, a network management tool sold by Austin, Texas-based SolarWinds. The unknown attackers who planted Sunburst in Orion used it to install additional malware that burrowed further into select networks of interest. With infections that hit the Departments of Justice, Commerce, Treasury, Energy, and Homeland Security, the hack campaign is among the worst in modern US history.
The National Security Agency, the FBI, and two other federal agencies last week said that the Russian government was “likely” behind the attack, which began no later than October 2019. While several news sources, citing unnamed officials, have reported the intrusions were the work of the Kremlin’s SVR, or Foreign Intelligence Service, researchers continue to look for evidence that definitively proves or disproves the statements.
Source : https://arstechnica.com/?p=1734211