- The attackers used more generally available malware and “living off the land” tools, such as administration tools like PowerShell, PsExec, and Bitsadmin, which may be part of a strategy to make attribution more difficult. The Phishery toolkit became available on Github in 2016, and a tool used by the group—Screenutil—also appears to use some code from CodeProject.
- The attackers also did not use any zero days. As with the group’s use of publicly available tools, this could be an attempt to deliberately thwart attribution, or it could indicate a lack of resources.
- Some code strings in the malware were in Russian. However, some were also in French, which indicates that one of these languages may be a false flag.
Isn't that great? We found pipes and pliers. So these must be ultra-hardcore intelligence-agency APT attackers, since they believed they could build a nuclear bomb with nothing but pipes and pliers!1!!

And why exactly is only one of the languages a false flag when you find two?