
The part you’re missing is that they don’t tell you how they did the attribution, and there are good reasons for this. You’re assuming that you know what they know.


Frequently the evidence is that they saw a connection from <IP from within country>, or that the document had some Cyrillic in it, which is the internet version of "Russia woz 'ere". Totally legit. Conveniently it's always whichever country is the media boogeyman of the week.

No, source IP address country is never the basis for attribution, and contrarian lay people always assume that’s how it works for some reason. It isn’t, at all.

Speaking with confidence is not enough to be taken seriously on this topic saturated with marketing, politics and mythomaniacs. Especially when a quick Google search is enough to find plenty of such attributions:

> The IP address was linked to the GRU HQ itself. https://www.techradar.com/news/defending-against-nation-stat...

> one website that helped to coordinate them, StopGeorgia.ru, was hosted at an IP address that belonged to a company headquartered next to a GRU-connected military research institute https://www.wired.com/story/us-blames-russia-gru-sweeping-cy...

> Dragos researcher Joe Slowik noticed that one IP address identifying a server in Hungary used in that APT28 campaign matched an IP address listed in the CISA advisory https://www.wired.com/story/russias-fancy-bear-hack-us-feder...

> They used an IP address that has been previously seen in other Russian-attributed attacks https://abcnews.go.com/WNT/video/ip-address-linked-russia-dn...

The list would go on and on, and this is only for Russia. And yes, I'm aware those sources are easily discarded as "not serious enough", as expected from the top results of a search engine, I guess. Do your part and provide us with better sources.
