{"id":6516,"date":"2021-01-13T07:27:50","date_gmt":"2021-01-13T06:27:50","guid":{"rendered":"https:\/\/webhosting.de\/?p=6516"},"modified":"2021-01-13T07:27:51","modified_gmt":"2021-01-13T06:27:51","slug":"zonnewind-hack-loud-casperskij-verbinding-tussen-zonnestraal-en-kazuurblauw","status":"publish","type":"post","link":"https:\/\/webhosting.de\/nl\/solarwinds-hack-laut-kaspersky-verbindung-zwischen-sunburst-und-kazuar\/","title":{"rendered":"SolarWinds hack - according to Kaspersky, a connection between Sunburst and Kazuar"},"content":{"rendered":"<p class=\"wp-block-paragraph\">According to a <a href=\"https:\/\/securelist.com\/sunburst-backdoor-kazuar\/99981\/\" target=\"_blank\" rel=\"noreferrer noopener sponsored nofollow\">blog post<\/a>, IT security experts at Kaspersky see a connection between the recent <a href=\"https:\/\/webhosting.de\/nl\/nasa-pentagon-en-co-hackers-infiltratie-gevoelige-doelen\/\">SolarWinds hack<\/a>, which infiltrated NASA, the Pentagon and other sensitive targets, and the Kazuar malware. While analyzing the Sunburst backdoor, the researchers found several features that had already been used in the Kazuar backdoor, which was built on the .NET Framework.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\"Similarities in the code indicate a connection between Kazuar and Sunburst, albeit one of an as yet undetermined nature.\"<\/p><cite>Kaspersky<\/cite><\/blockquote><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-kazuar-seit-2017-bekannt\">Kazuar malware known since 2017<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Kaspersky, the Kazuar malware was first discovered in 2017 and was probably developed by the APT actor Turla, which is said to have used Kazuar for cyber espionage worldwide. Several hundred military and government targets were reportedly infiltrated in the process. 
Turla was first reported by Kaspersky and Symantec at the Black Hat 2014 conference in Vegas.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1.png\" alt=\"\" class=\"wp-image-6517\" srcset=\"https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1.png 1024w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-300x115.png 300w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-768x293.png 768w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-16x6.png 16w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption><em>Kazuar&nbsp;<\/em>development timeline (source: securelist.com)<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">However, this does not automatically mean that Turla is also responsible for the SolarWinds hack, in which 18,000 government agencies, companies and organizations were attacked via a trojanized version of the Orion IT management software.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-generierungsalgorithmus-aufweckalgorithmus-und-fnv1a-hash\">Generation algorithm, wake-up algorithm and FNV-1a hash<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Kaspersky's analysis, the most striking similarities between Sunburst and Kazuar are the wake-up algorithm, the algorithm for generating victim IDs, and the use of the FNV-1a hash. The code used in these cases is very similar but not completely identical. 
Sunburst and Kazuar therefore appear to be \"related\", but the exact relationship between the two pieces of malware has not yet been established.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One likely explanation is that Sunburst and Kazuar were written by the same developers. However, it is also possible that Sunburst was developed by a different group that used the successful Kazuar malware as a template. There is also the possibility that individual developers from the Kazuar development group joined the Sunburst team.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-false-flag-operation\">False flag operation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">However, it is also possible that the similarities between Kazuar and Sunburst were deliberately built in to plant false leads in the expected malware analyses.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\"The link found does not reveal who was behind the SolarWinds attack, but it offers further insight that can help researchers take this analysis further.\"<\/p><cite>Costin Raiu<\/cite><\/blockquote><\/figure>","protected":false},"excerpt":{"rendered":"<p>An analysis of the Sunburst malware shows strong similarities with Kazuar. 
However, this does not yet identify the developers.<\/p>","protected":false},"author":2,"featured_media":6461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[685],"tags":[965,237],"class_list":["post-6516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allgemein","tag-kaspersky","tag-malware"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":"685","rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":"685","rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":null,"_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e":null,"_trp_tra
nslated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oembed_time_0d8a206f
09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":"1","_edit_lock":"1610519271:1","_oembed_e7b913c6c84084ed9702cb4feb012ddd":"{{unknown}}","_oembed_bfde9e10f59a17b85fc8917fa7edf782":"<iframe title=\"Theming Nextcloud in 37 seconds\" width=\"368\" height=\"207\" src=\"https:\/\/www.youtube.com\/embed\/wqRgeFXYUys?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>","_oembed_time_bfde9e10f59a17b85fc8917fa7edf782":"1610519280","_oembed_03514b67990db061d7c4672de26dc514":"<iframe title=\"Gaia X\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/NhqLt_NJ6FA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" 
allowfullscreen><\/iframe>","_oembed_time_03514b67990db061d7c4672de26dc514":"1610519273","rank_math_news_sitemap_robots":"index","rank_math_robots":["index"],"_eael_post_view_count":"4292","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","_trp_automatically_translated_slug_lv":"solarwinds-hack-skaidrs-caspersky-savstarp-sunburst-and-kazuar","_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","_trp_automatically_translated_slug_ja":"%e3%82%b5%e3%83%b3%e3%83%90%e3%83%bc%e3%82%b9%e3%83%88%e3%81%a8%e3%82%ab%e3%82%ba%e3%82%a2%e3%81%ae%e9%96%93%e3%81%ae%e3%82%bd%e3%83%bc%e3%83%a9%e3%83%bc%e3%82%a6%e3%82%a3%e3%83%b3%e3%83%89%e3%83%8f","_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":null,"_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_3efb2c3e76a18143e7207993a2a6939a":"<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/BREAKING?src=hash&amp;ref_src=twsrc%5Etfw\">#BREAKING<\/a>: Texas takes the lead once more! 
Today, we\u2019re filing a lawsuit against <a href=\"https:\/\/twitter.com\/hashtag\/Google?src=hash&amp;ref_src=twsrc%5Etfw\">#Google<\/a> for anticompetitive conduct.<br><br>This internet Goliath used its power to manipulate the market, destroy competition, and harm YOU, the consumer. Stay tuned\u2026 <a href=\"https:\/\/t.co\/fdEVEWQb0e\">pic.twitter.com\/fdEVEWQb0e<\/a><\/p>&mdash; Texas Attorney General (@TXAG) <a href=\"https:\/\/twitter.com\/TXAG\/status\/1339283520099856384?ref_src=twsrc%5Etfw\">December 16, 2020<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>","_oembed_time_3efb2c3e76a18143e7207993a2a6939a":"1610519272","_oembed_59808117857ddf57e478a31d79f76e4d":"<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Happy to follow-on report that a huge chunk of <a href=\"https:\/\/twitter.com\/Flickr?ref_src=twsrc%5Etfw\">@Flickr<\/a> compute just successfully made the transition to Graviton2 <a href=\"https:\/\/twitter.com\/Arm?ref_src=twsrc%5Etfw\">@ARM<\/a> in <a href=\"https:\/\/twitter.com\/awscloud?ref_src=twsrc%5Etfw\">@awscloud<\/a> this afternoon. More services coming shortly. My aim is to get to 100% of non-GPU <a href=\"https:\/\/twitter.com\/SmugMug?ref_src=twsrc%5Etfw\">@SmugMug<\/a> and <a href=\"https:\/\/twitter.com\/Flickr?ref_src=twsrc%5Etfw\">@Flickr<\/a> compute on ARM within the year. 
<a href=\"https:\/\/t.co\/fwXWdg06xx\">https:\/\/t.co\/fwXWdg06xx<\/a><\/p>&mdash; Don MacAskill (@DonMacAskill) <a href=\"https:\/\/twitter.com\/DonMacAskill\/status\/1314050996486561792?ref_src=twsrc%5Etfw\">October 8, 2020<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>","_oembed_time_59808117857ddf57e478a31d79f76e4d":"1610519272","_oembed_965c5b49aa8d22ce37dfb3bde0268600":"<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"de\" dir=\"ltr\">Der <a href=\"https:\/\/twitter.com\/hashtag\/Finanzausschuss?src=hash&amp;ref_src=twsrc%5Etfw\">#Finanzausschuss<\/a> im <a href=\"https:\/\/twitter.com\/hashtag\/Bundestag?src=hash&amp;ref_src=twsrc%5Etfw\">#Bundestag<\/a> hat das <a href=\"https:\/\/twitter.com\/hashtag\/Jahressteuergesetz?src=hash&amp;ref_src=twsrc%5Etfw\">#Jahressteuergesetz<\/a> beschlossen. Damit wurde auch die <a href=\"https:\/\/twitter.com\/hashtag\/Gemeinn%C3%BCtzigkeit?src=hash&amp;ref_src=twsrc%5Etfw\">#Gemeinn\u00fctzigkeit<\/a> f\u00fcr <a href=\"https:\/\/twitter.com\/hashtag\/Freifunk?src=hash&amp;ref_src=twsrc%5Etfw\">#Freifunk<\/a> Initiativen beschlossen. 
Das ganze geht jetzt in der kommenden Woche ins Plenum zur Abstimmung und direkt in den <a href=\"https:\/\/twitter.com\/hashtag\/Bundesrat?src=hash&amp;ref_src=twsrc%5Etfw\">#Bundesrat<\/a><\/p>&mdash; Jens Zimmermann (@JensZSPD) <a href=\"https:\/\/twitter.com\/JensZSPD\/status\/1336581821706989568?ref_src=twsrc%5Etfw\">December 9, 2020<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>","_oembed_time_965c5b49aa8d22ce37dfb3bde0268600":"1610519272","_oembed_81002f7ee3604f645db4ebcfd1912acf":"<iframe title=\"Netzetag bei der Telekom: Antennen, Breitband, Glasfaser\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/6_NTa3VCRFo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>","_oembed_time_81002f7ee3604f645db4ebcfd1912acf":"1610519273","_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":null,"_eael_custom_js":null,"_wp_old_date":"2021-01-11","_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":"487","rank_math_internal_links_processed":null,"_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":["webhostinglogo.png"],"litespeed_vpi_list_mobile":["webhostinglogo.png"],"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_ma
xincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":[],"_eb_reusable_block_ids":null,"rank_math_focus_keyword":null,"rank_math_og_content_image":null,"_yoast_wpseo_metadesc":"Eine Analyse der Sunburst Malware zeige gro\u00dfe \u00c4hnlichkeiten mit Kazuar. Dies identifiziert die Entwickler aber noch nicht.","_yoast_wpseo_content_score":"30","_yoast_wpseo_focuskeywords":"[]","_yoast_wpseo_keywordsynonyms":"[\"\"]","_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":"Eine Analyse der Sunburst Malware zeige gro\u00dfe \u00c4hnlichkeiten mit Kazuar. Dies identifiziert die Entwickler aber noch nicht.","surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"6461","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/posts\/6516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/comments?post=6516"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/posts\/6516\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/media\/6461"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/media?parent=6516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/nl\/wp-json\/wp\/v2\/categories?post=6516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/nl
\/wp-json\/wp\/v2\/tags?post=6516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}