“Attack attribution is always difficult as criminal groups often share code and techniques, and nation-state actors excel at deception. Here, security researchers share their techniques and common pitfalls.
Attributing cyberattacks to a particular threat actor is challenging, particularly an intricate attack that stems from a nation-state actor, because attackers are good at hiding or erasing their tracks or deflecting the blame to others.
The best method for arriving at a solid attribution is to examine the infrastructure and techniques used in the attack, but even then, researchers can often get it wrong…”
Read the entire article by Cynthia Brumfield here.