[UshZilla]

Right, specific attribution is often challenging, but tactics, techniques, and procedures often have signatures or fingerprints common to the level of sophistication of the actor. Of course this also opens the opportunity to spoof attack vectors, but who knows.

With the inside visibility of the traffic across their network Twitter would be able to estimate (whether with their own internal security experts or an outside service) the sophistication of the attacker.

Would expect that at this point there was some discussion with FBI as well. Also, as pointed out, very common for a tech company to be notified by FBI/NSA/police in these situations.

I work with one of the people interviewed in the article, we've been having some fun on Slack with it :)

[adrtessier]

Well, it's good to know that I basically got it right. I don't work in incident response, so I had to make an educated guess at what signatures I'd assume IR people would use to respectably say "this is a nation-state."

> I work with one of the people interviewed in the article, we've been having some fun on Slack with it

Ooh boy. I don't think there's much you can do about something like this other than laugh it off, and also maybe recognize that hey, you're probably doing something of influence. (And probably make lots of jokes about APTs.)