The group behind a globalcyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.
Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of SolarWinds resembled malware tied to the hacking group “Turla”, which Estonian authorities have said operates on behalf of Russia’s FSB security service. The findings are the first publicly-available evidence to support assertions by the U.S. that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies.
Moscow has repeatedly denied the allegations.