#TweetBlog: APT29, Phishing and the Challenges of Attribution

FireEye researchers, analysts and incident responders frequently share information and engage with the security community on Twitter and other social media platforms. Sometimes this information adds so much to ongoing discussions that we feel it is important to share on our blogs.

Recently, we detected intrusion attempts against multiple industries as part of a phishing campaign that we suspect is being carried out by APT29. Following the release of our blog post, one of the authors and the head skeptic, Andrew Thompson (@QW5kcmV3), took to Twitter to discuss various attribution possibilities that were considered along the way, as well as some of the challenges that come with attribution.