Joint Statement by the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA: "This work indicates that an APT actor, likely Russian in origin, is responsible..." https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure
Report on Russian Cyber Units (Congressional Research Service): https://beta.documentcloud.org/documents/20441144-russian-cyber-units-jan-4-2021 | Collectively, these units are sometimes referred to as APT (Advanced Persistent Threat) 28, Fancy Bear, Voodoo Bear, Sandworm, and Tsar Team.
New Findings From Our Investigation of SUNBURST (SolarWinds): https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/
RT @CrowdStrike | SUNSPOT: An Implant in the Build Process (CrowdStrike): https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
RT @WIRED | Kaspersky published new evidence of technical similarities between malware used by the mysterious SolarWinds hackers and the well-known hacker group Turla, believed to be Russian in origin and also known by the names Venomous Bear and Snake. https://www.wired.com/story/solarwinds-russia-hackers-turla-malware/