When I read Mandiant’s report, I was pleased to see such a heavy hit to the infamous Comment Crew, but I had issues with some of the conclusions they ultimately settled on. Much like Kai Roer, I felt like several details in the report were a stretch to fit a larger theory behind who was conducting such operations. I think it’s important for those in the security field to read his post:
With cyber espionage being the latest craze, it’s only natural that companies are finding something to blog, tweet or write up in the never-ending quest to identify who is conducting clandestine cyber operations. Spoiler alert: anyone who has a stake in keeping up with the times or politics, or who is doing it just for the hell of it, is likely running their own cyber shop performing collections on a daily basis. Why have you not seen these other countries? Well, if you look hard enough you can find a few of them, but chances are they might just be better than you (at least for now) and the antiquated technology you’re using to try and stop them.
Doing this sort of work day in and day out makes you realize that state-sponsored operations are just a way of life. Hell, it’s been going on longer than I’ve been working in this field. Sure, China jams the knife a bit deeper by jumping into intellectual property, but the fact is, these sorts of operations are not going to cease. We are in a world that is more connected than ever, which provides an easy way to remain anonymous and peruse anyone’s system, granted you can find an exploit or buy one from your neighbor down the street. Jumping to such detailed, unsupported conclusions is not a route others should take.