The group behind a global cyber espionage campaign discovered malicious computer code deployed with links to spy tools previously used by suspected Russian hackers last month, researchers said Monday.

Investigators from Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 SolarWinds customers looked like malware linked to the “Turla” hacking group, which authorities said Estonian, operates on behalf of the Russian security service FSB. The results are the first publicly available evidence to support U.S. claims that Russia orchestrated the hack, which compromised a range of sensitive federal agencies.

Moscow has repeatedly denied these allegations.

You hit your free item limit this month.

Membership benefits include

Today’s paper

Find a mobile version of daily newspaper articles in an easy-to-read list.

Unlimited access

Enjoy reading as many articles as you want without any limitations.

Personalized recommendations

A shortlist of items that match your interests and tastes.

Faster pages

Switch easily from article to article, as our pages load instantly.


A one-stop shop to see the latest updates and manage your preferences.


We keep you informed of the most recent and important developments, three times a day.

Support quality journalism.

* Our digital subscription plans currently do not include e-paper, crossword puzzles, and printing.