Kaspersky actually didn't attribute it to a Russian APT. They say they found one thing in common, but are actually explicitly saying that they don't know whether they are the same group.
> TLDR; just tell us who’s behind the SolarWinds supply chain attack?
> Honestly, we don’t know.
> To clarify – we are NOT saying that DarkHalo / UNC2452, the group using Sunburst, and Kazuar or Turla are the same.