Kaspersky: SolarWinds Backdoor uses some of the same code found in the “Kazuar” backdoor. Both backdoors use same “sleeping” algorithm that calculates the time between when the backdoors are planted within a network and when they connect to the attackers’ command-and-control server. The use of similar code in both backdoors could be a “false flag” operation, the security firm says. It’s also possible the operators of Sunburst and Kazuar drew from the same source code.”]
Source: https://www.govinfosecurity.com/kaspersky-solarwinds-backdoor-similar-to-russian-kazuar-a-15739