I think we're discussing different topics. The article headline says, "Microsoft confirms Russian spies stole source code, accessed internal systems." I interpreted your comment about vault 7 to imply that investigators (ie, MS & anyone that they asked to be involved) couldn't be certain this was Russia. I disagree with that; snuggling data leaves too many breadcrumbs. Your reply seems more focused on other parts of vault 7, and although I don't necessarily disagree with it, I'm not sure what you're trying to say here.

However, it's important to remember that FBI!=CIA!=NSA

Take this wildly simplified example. You are the attacker. You already have access to internal systems at Microsoft.

Now you need to send the large amounts of data back to yourself, preferably without giving away your own location in the process. That’s the exfiltration phase of the cyber kill chain.

In order to do that, you’ve already established a set of listening posts and command/control sites across the internet. That’s your infrastructure. Setting that up in a pseudo anonymous way is hard, so you don’t do it often and may need to reuse it for multiple targets.

It’s that infrastructure that is hard to replicate if you’re trying to “look like” another threat actor on the Internet.

So you just are wildly speculating and assume this one technique you know about completely defeats teams of specialists with the budget of the richest country in the world

It's one thing to point out issues with attribution. It's another to just say since we can't say with 100% certainty let's just make up attributions.

Especially with no knowledge of the attributions certainty, they could be 99.9% sure

Nobody in this thread is saying that but you, atm. I was just wondering if you were speculating or had any evidence. Id even be interested to hear more about your logic because "its possible and has been done before by other actors" isnt enough to convince me

What does scale have to do with it. That is like saying I don't understand, because it is Big Data in the Cloud with Edge Computing. As I see it I just need one computer in Venezuela and the trail is gone.

There is a lot of hand waiving from "security" folks. They are probably about as fraudulent as bullet forensics etc.

I’m not sure how this shifts blame? In my opinion the blame sits squarely on the shoulders of the entity whose systems were exploited. Microsoft is responsible for the security of their systems, full stop. Doesn’t matter if the GRU did it or some random guy in Venezuela.

How do you know Microsoft was even “hacked”? I mean if you want to get super pedantic about this, I haven’t personally seen any proof.

So yes while a computer provides a convenient mathematical abstraction upon which we can reason, we aren’t talking about how a computer boots. We are talking about figuring out - within a certain confidence level - the group of individuals that likely carried out an attack. We are now firmly outside the scope of the neat little mathematical abstraction of the machine. Even within a machine, there’s more nondeterminism than you or I would like to admit. But that’s a topic for another day.

The methodology is not secret, you can google for threat actor attribution. Private companies do this work as well as governments. You are welcome to go join one of those companies or organizations to learn how it works and work to improve the process if you are so passionate about it!

You are the one putting some political agenda on this. China, Russia, as well as North Korea, Israel, Iran, and many other countries have robust offensive cyber capabilities. Attribution is not an exact science, and if you actually read any raw intelligence report it is clearly marked with a confidence level for that exact reason.

Lots of Clinton associates also worked for Microsoft. My guess is that Microsoft and the Clintons/Obama/libs sold the country out to China and are now trying to play victim.

I'm a-political but this is the pattern I see.

He's probably spot on, btw.