Researchers at Kaspersky have recently discovered considerable similarities between the Sunburst and Kazuar backdoors. The similarities potentially link the Sunburst backdoors, used in the SolarWinds supply-chain attack, to a previously known Turla weapon. Kazuar, a malware written using the .NET framework, was first reported in 2017. These have been used in unison throughout various breaches over the past three years.
Kaspersky claims that the Russian threat-actor, Turla (also known as Snake, Venomous Bear, Waterbug or Uroboros), has roots going back to at least 2004, if not earlier.
