Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows shared features with Kazuar, a backdoor linked to the Russian Turla hacking group. Turla (aka VENOMOUS BEAR and Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 and is the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, and the Finnish Foreign Ministry. Despite similarities, the algorithms used to implement these features are still not 100% identical which hints at a potential relationship between the two malware strains.
Source: https://www.bleepingcomputer.com/news/security/sunburst-backdoor-shares-features-with-russian-apt-malware/