So anyone following Solarwinds this is an excellent document enjoy @thespybrief

https://us-cert.cisa.gov/sites/default/files/publications/AA20-352A-APT_Compromise_of_Government_Agencies%2C_Critical%20Infrastructure%2C_and_Private_Sector_Organizations.pdf

So I’ll be watching this space.

I’m curious to see what “specific implementation” of “stenography” they used

I’m curious of this is going to be a “fingerprint” of who created this.

Different schools of hackers will use different types of this skill.

I also want more then

Fingerprint.

As we are talking about people who try to hide their work.

I don’t put is past CCP-Rus interest aligning. Where Fancy Bear takes credit for others work.

Again I don’t know why I keep thinking this is not a singular state.

I want to be specific here to why I think there is a tactical advantage to this.

The supply chain Attack FEELS like it plays really well into Chinese technical access.

Where the development of the code FEELS more Russian. In the informational and architectural knowledge

https://thehill.com/policy/cybersecurity/251046-top-russian-chinese-hackers-use-nearly-identical-tactics

This style of attack even the design of the virus itself isn’t technically novel

So it’s worth looking backwards as well

And if we drew a Ven diagram of overlapping state interest

This plots Danm near center for both in overlap https://www.secureworldexpo.com/industry-news/why-russia-hacks-why-china-hacks

This thread is meant to be a musing of correlating information I feel should be added into the dialog for context

It’s not a professional view. Just an open square of Hmmm