TOP 10 unattributed APT mysteries


Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90% of cases it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse. High-profile actors make every effort to stay undetected inside the victim’s infrastructure and to leave as few traces as they can.

They implement a variety of techniques to make investigation of their campaigns more difficult. Using LOLBINS, common legitimate pentesting tools, and fileless malware; misleading security researchers by placing false flags—these and other anti-forensic tricks often make threat attribution a matter of luck. That is why there is always a percentage of targeted attacks that remain unattributed for years. Recently, I shared my TOP 10 list of the most mysterious APT campaigns/tools on Twitter. In this article, I provide a bit more detail on each case.

Source: Kaspersky