{"id":6516,"date":"2021-01-13T07:27:50","date_gmt":"2021-01-13T06:27:50","guid":{"rendered":"https:\/\/webhosting.de\/?p=6516"},"modified":"2021-01-13T07:27:51","modified_gmt":"2021-01-13T06:27:51","slug":"vientos-solares-hack-loud-caspersky-conexion-entre-el-sol-y-kazuar","status":"publish","type":"post","link":"https:\/\/webhosting.de\/es\/solarwinds-hack-laut-kaspersky-verbindung-zwischen-sunburst-und-kazuar\/","title":{"rendered":"Solarwinds hack - according to Kaspersky, a connection between Sunburst and Kazuar"},"content":{"rendered":"<p class=\"wp-block-paragraph\">According to a <a href=\"https:\/\/securelist.com\/sunburst-backdoor-kazuar\/99981\/\" target=\"_blank\" rel=\"noreferrer noopener sponsored nofollow\">blog post<\/a>, IT security experts at Kaspersky see a connection between the recent <a href=\"https:\/\/webhosting.de\/es\/nasa-pentagono-y-co-hackers-infiltran-objetivos-sensibles\/\">Solarwinds hack<\/a>, which infiltrated NASA, the Pentagon and other sensitive targets, and the Kazuar malware. While analyzing the Sunburst backdoor, the researchers found several features that had already been used in the Kazuar backdoor, which was built on the .NET Framework.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\"The similarities in the code indicated a connection between Kazuar and Sunburst, albeit of an as yet undetermined nature\".<\/p><cite>Kaspersky<\/cite><\/blockquote><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-kazuar-seit-2017-bekannt\">Kazuar malware known since 2017<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Kaspersky, the Kazuar malware was first discovered in 2017 and was probably developed by the APT actor Turla, which allegedly used Kazuar to conduct cyber espionage worldwide. 
Several hundred military and government targets were reportedly infiltrated in the process. Turla was first reported by Kaspersky and Symantec at the Black Hat 2014 conference in Las Vegas.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1.png\" alt=\"\" class=\"wp-image-6517\" srcset=\"https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1.png 1024w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-300x115.png 300w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-768x293.png 768w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-16x6.png 16w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption><em>Kazuar&nbsp;<\/em>development timeline (source: securelist.com)<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">However, this does not automatically mean that Turla is also responsible for the Solarwinds hack, in which 18,000 government agencies, companies and organizations were attacked via a trojanized version of the Orion IT management software.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-generierungsalgorithmus-aufweckalgorithmus-und-fnv1a-hash\">Generation algorithm, wake-up algorithm and FNV1a hash<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Kaspersky's analysis, the most striking similarities between Sunburst and Kazuar are the wake-up algorithm, the algorithm for generating victim IDs and the use of the FNV1a hash. The code used in these cases is very similar but not completely identical. 
Sunburst and Kazuar therefore appear to be \"related\", but the details of the exact relationship between the two pieces of malware have not yet been determined.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One likely explanation is that Sunburst and Kazuar were written by the same developers. However, it could also be that Sunburst was developed by a different group that used the successful Kazuar malware as a template. It is also possible that individual developers from the Kazuar development group joined the Sunburst team.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-false-flag-operation\">False flag operation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">However, it is also possible that the similarities between Kazuar and Sunburst were built in intentionally to lay false trails in the malware analyses that were to be expected.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\"The link that was found does not reveal who was behind the Solarwinds attack, but it provides more information that can help researchers take this analysis further.\"<\/p><cite>Costin Raiu<\/cite><\/blockquote><\/figure>","protected":false},"excerpt":{"rendered":"<p>An analysis of the Sunburst malware shows strong similarities with Kazuar. 
However, this does not yet identify the developers.<\/p>","protected":false},"author":2,"featured_media":6461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[685],"tags":[965,237],"class_list":["post-6516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allgemein","tag-kaspersky","tag-malware"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":"685","rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":"685","rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":null,"_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e
":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oemb
ed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":"1","_edit_lock":"1610519271:1","_oembed_e7b913c6c84084ed9702cb4feb012ddd":"{{unknown}}","rank_math_news_sitemap_robots":"index","rank_math_robots":["index"],"_eael_post_view_count":"4294","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","_trp_automatically_translated_slug_lv":"solarwinds-hack-skaidrs-caspersky-savstarp-sunburst-and-kazuar","_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","_trp_automatically_translated_slug_ja":"%e3%82%b5%e3%83%b3%e3%83%90%e3%83%bc%e3%82%b9%e3%83%88%e3%81%a8%e3%82%ab%e3%82%ba%e3%82%a2%e3%81%ae%e9%96%93%e3%81%ae%e3%82%bd%e3%83%bc%e3%83%a9%e3%83%bc%e3%82%a6%e3%82%a3%e3%83%b3%e3%83%89%e3%83%8f","_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":null,"_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,"_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":null,"_eael_custom_js":null,"_wp_old_date":"2021-01-11","_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":"487","rank_math_internal_links_processed":null,"_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":["webhostinglogo.png"],"litespeed_vpi_list_mobile":["webhostinglogo.png"],"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_ma
xincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":[],"_eb_reusable_block_ids":null,"rank_math_focus_keyword":null,"rank_math_og_content_image":null,"_yoast_wpseo_metadesc":"An analysis of the Sunburst malware shows strong similarities with Kazuar. However, this does not yet identify the developers.","_yoast_wpseo_content_score":"30","_yoast_wpseo_focuskeywords":"[]","_yoast_wpseo_keywordsynonyms":"[\"\"]","_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":"An analysis of the Sunburst malware shows strong similarities with Kazuar. However, this does not yet identify the developers.","surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"6461","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/posts\/6516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/comments?post=6516"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/posts\/6516\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/media\/6461"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/media?parent=6516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/es\/wp-json\/wp\/v2\/categories?post=6516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/es
\/wp-json\/wp\/v2\/tags?post=6516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}