by OminousWeapons 1994 days ago
It's cost-prohibitive for a small group to pull this off unless they are financed by a large criminal org. You're talking about a small company's worth of people to design the software, QA it, stand up and monitor the infrastructure, perform the follow-on exploitation, manage the shells, parse discovered data from hundreds of targets, etc. That's probably millions of dollars in salary alone.

The attack pattern also makes no sense for a criminal organization with this level of access. Why wouldn't you go after resources you could trivially monetize or data you would want to know about like customer data, IP, financial resources, law enforcement, etc? Reading government emails seems like a waste of time unless you are trying to resell the intelligence to interested parties. Going after FireEye red team tools seems like a very high risk waste of time.

Lastly, you're taking on American intelligence with above the wire capabilities. You're telling me a group of this size has the opsec capabilities to evade the NSA? No one made a mistake?

For the sake of discussion, let's say this must be a state actor of some kind. Has there been any evidence provided that this must be Russia?

The methods utilized in this compromise are consistent with methods utilized in other attributed breaches not disclosed.
>> Has there been any evidence provided that this must be Russia?

> The methods utilized in this compromise are consistent with methods utilized in other attributed breaches not disclosed.

I am unable to understand what meaning I should extract from your comment.

My expectation is that an answer to my question must be one of: Yes, No, or Unknown (and possibly accompanied by additional commentary).

Would a proper interpretation of your answer be either of these?:

- "No, there has not been any evidence provided that establishes that this must be Russia."

- "There has not been any evidence provided that establishes that this must be Russia, therefore it is UNKNOWN whether this is Russia."

No, and they're not going to release that data while the investigation is ongoing.

Does it seem odd at all that everyone is not just willing but eager to accept repeated claims of Russian responsibility for this or that, despite significant evidence for the repeated claims rarely being released? Even asking a question is essentially guaranteed to be met with at least downvotes, if not a stern lecture, despite there being no evidence.

> Does it seem odd at all that everyone is not just willing but eager to accept repeated claims of Russian responsibility for this or that, despite significant evidence for the repeated claims rarely being released?

Not particularly. It is no secret that Americans really don't like the Russian government, and there is precedent for APT groups associated with the Russian government attacking the US. I agree, though, that there is no publicly available data to support the assertion that Russia is responsible for this at this time. My earlier post was simply pointing out the low likelihood of an individual or independent group performing this attack. The high level of sophistication combined with their risky target selection suggests it is a nation state.

It does indeed suggest that it is a nation state - my problem is with the repeated (evidence-free) assertions that the nation state is(!) Russia - and also that hardly anyone seems to care about what is Actually True, on matters this dangerous.