> Does anybody have any details on the Russia attribution?
FireEye (who discovered the SolarWinds breach when investigating their own breach) have said they are currently unable to attribute it[1]:
"While some have attributed the attack to a state-sponsored Russian group known as APT 29, or Cozy Bear, FireEye had not yet seen sufficient evidence to name the actor [FireEye subsidiary VP Carmakal] said"
However US Subcommittee on CyberSecurity member Senator Richard Blumenthal said about it:
"Stunning. Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what's going on. Declassify what’s known & unknown"[2]
Having done some work in this field, attribution is definitely possible and fairly reliable with enough data, but releasing that data is usually not done because it shows what data sources you have access to.
I'd be relatively confident that there are classified sources showing it is at least probable[3] that the source is Russian if subcommittee members are tweeting that.
Edit: FireEye/Mandiant has a good primer on how they do their tracking of unknown groups. Attribution is similar: https://www.fireeye.com/blog/products-and-services/2020/12/h...
> Not looking to start political flame bait here just curious what details are out there.
Just wait until you see what happens to this reply. But <shrug>.
[1] https://www.bloomberg.com/news/articles/2020-12-15/fireeye-s...
[2] https://twitter.com/SenBlumenthal/status/1338972186535727105
[3] Probable in the "words of estimative probability" sense. https://en.wikipedia.org/wiki/Words_of_estimative_probabilit... and https://www.cia.gov/library/center-for-the-study-of-intellig...