{"id":6516,"date":"2021-01-13T07:27:50","date_gmt":"2021-01-13T06:27:50","guid":{"rendered":"https:\/\/webhosting.de\/?p=6516"},"modified":"2021-01-13T07:27:51","modified_gmt":"2021-01-13T06:27:51","slug":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","status":"publish","type":"post","link":"https:\/\/webhosting.de\/sv\/solarwinds-hack-laut-kaspersky-verbindung-zwischen-sunburst-und-kazuar\/","title":{"rendered":"SolarWinds hack - Kaspersky says there is a link between Sunburst and Kazuar"},"content":{"rendered":"<p class=\"wp-block-paragraph\">According to a <a href=\"https:\/\/securelist.com\/sunburst-backdoor-kazuar\/99981\/\" target=\"_blank\" rel=\"noreferrer noopener sponsored nofollow\">blog post<\/a>, IT security experts at Kaspersky see a connection between the recent <a href=\"https:\/\/webhosting.de\/sv\/nasa-pentagon-and-co-hackers-infiltrate-sensitive-targets\/\">SolarWinds hack<\/a>, which infiltrated NASA, the Pentagon and other sensitive targets, and the Kazuar malware. While analyzing the Sunburst backdoor, the researchers found several features that were already used in the Kazuar backdoor, which was created in the .NET Framework.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\"The similarities in the code point to a connection between Kazuar and Sunburst, although it has not yet been established.\"<\/p><cite>Kaspersky<\/cite><\/blockquote><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-kazuar-seit-2017-bekannt\">Kazuar malware known since 2017<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Kaspersky, the Kazuar malware was first discovered in 2017 and was probably developed by the APT actor Turla, which is said to have used Kazuar to conduct cyber espionage around the world. Several hundred military and government targets are said to have been infiltrated in the process. 
Turla was first reported by Kaspersky and Symantec at the Black Hat 2014 conference in Vegas.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1.png\" alt=\"\" class=\"wp-image-6517\" srcset=\"https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1.png 1024w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-300x115.png 300w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-768x293.png 768w, https:\/\/webhosting.de\/wp-content\/uploads\/2021\/01\/Sunburst_backdoor_Kazuar_01-1024x3911-1-16x6.png 16w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption><em>Kazuar&nbsp;<\/em>development period (source: securelist.com)<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">However, this does not automatically mean that Turla is also responsible for the SolarWinds hack, in which 18,000 government agencies, companies and organizations were attacked via a trojanized version of the IT management software Orion.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-generierungsalgorithmus-aufweckalgorithmus-und-fnv1a-hash\">Generation algorithm, wake-up algorithm and FNV1a hash<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Kaspersky's analysis, the most striking similarities between Sunburst and Kazuar are the wake-up algorithm, the algorithm for generating victim IDs, and the use of the FNV1a hash. The code used in these cases is very similar, but not completely identical. 
Sunburst and Kazuar therefore appear to be \"related\", but the details of the exact relationship between the two pieces of malware have not yet been established.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One plausible explanation is that Sunburst and Kazuar were written by the same developers. However, Sunburst may also have been developed by a different group that used the successful Kazuar malware as a template. It is also possible that individual developers from the Kazuar development group have joined the Sunburst team.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-false-flag-operation\">False flag operation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">However, it is also possible that the similarities between Kazuar and Sunburst were built in deliberately to plant false leads in the expected malware analyses.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\"The link that was found does not reveal who was behind the SolarWinds attack, but it provides additional information that can help researchers move forward with the analysis.\"<\/p><cite>Costin Raiu<\/cite><\/blockquote><\/figure>","protected":false},"excerpt":{"rendered":"<p>An analysis of the Sunburst malware shows strong similarities to Kazuar. 
However, this does not yet identify the developers.<\/p>","protected":false},"author":2,"featured_media":6461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_crdt_document":"","inline_featured_image":false,"footnotes":""},"categories":[685],"tags":[965,237],"class_list":["post-6516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allgemein","tag-kaspersky","tag-malware"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":"685","rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":"685","rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":null,"_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96
b19e":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_
oembed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":"1","_edit_lock":"1610519271:1",
"rank_math_news_sitemap_robots":"index","rank_math_robots":["index"],"_eael_post_view_count":"4184","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","_trp_automatically_translated_slug_lv":"solarwinds-hack-skaidrs-caspersky-savstarp-sunburst-and-kazuar","_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":"solarwinds-hack-loud-caspersky-connection-between-sunburst-and-kazuar","_trp_automatically_translated_slug_ja":"%e3%82%b5%e3%83%b3%e3%83%90%e3%83%bc%e3%82%b9%e3%83%88%e3%81%a8%e3%82%ab%e3%82%ba%e3%82%a2%e3%81%ae%e9%96%93%e3%81%ae%e3%82%bd%e3%83%bc%e3%83%a9%e3%83%bc%e3%82%a6%e3%82%a3%e3%83%b3%e3%83%89%e3%83%8f","_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":null,"_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,
"_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":null,"_eael_custom_js":null,"_wp_old_date":"2021-01-11","_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":"487","rank_math_internal_links_processed":null,"_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":["webhostinglogo.png"],"litespeed_vpi_list_mobile":["webhostinglogo.png"],"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_ma
xincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":[],"_eb_reusable_block_ids":null,"rank_math_focus_keyword":null,"rank_math_og_content_image":null,"_yoast_wpseo_metadesc":"An analysis of the Sunburst malware shows strong similarities to Kazuar. However, this does not yet identify the developers.","_yoast_wpseo_content_score":"30","_yoast_wpseo_focuskeywords":"[]","_yoast_wpseo_keywordsynonyms":"[\"\"]","_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":"An analysis of the Sunburst malware shows strong similarities to Kazuar. However, this does not yet identify the developers.","surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"6461","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/posts\/6516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/comments?post=6516"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/posts\/6516\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/media\/6461"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/media?parent=6516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/sv\/wp-json\/wp\/v2\/categories?post=6516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/sv
\/wp-json\/wp\/v2\/tags?post=6516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}