Security researchers have a complicated relationship with attribution. On the one hand, for technical analyses, it doesn’t matter whether an attack was performed by a Bear, a Panda or an Eagle, and whether it was Cozy or Fancy. But security research doesn’t exist in a void, and in an era where the overlap with geopolitics is growing, attribution has started to matter a lot.
Those performing advanced attacks know this and they try hard to hide their real identity. In several cases, they go as far as to plant ‘false flags’ in an attempt to deceive those analysing the attack.
In their VB2016 paper “Wave your false flags! Deception tactics muddying attribution in targeted attacks”,
Kaspersky Lab
researchers Juan Andrés Guerrero-Saade and Brian Bartholomew discuss this issue, using many real examples. Today, we publish their paper (
here
in HTML format and
here
in PDF format). We have also uploaded the video of their presentation to our
YouTube
channel.
Leave a Reply