Attribution

Not long after I found an old piece on attribution from Thinkst Applied Research, Cisco’s Talos Intelligence group posted an article on the same topic. Attribution is fraught, as both pieces explain. IP geolocation is woefully inaccurate, many of the tactics, techniques, and procedures tied to specific actors are either so common that they apply to several groups or so general that they might as well, and the proliferation of viable tool sets has made even this metric unreliable. At best, we can attribute activity with a degree of certainty — but never complete confidence, and you should be circumspect of anyone who does.

Permalink.