The American website ZDNet says numerous threat groups are linked to various countries and claims this is based on findings by the ICS security specialist firm Dragos.
The problem is that Dragos has made no such findings.
ZDNet senior reporter Danny Palmer wrote about 10 “hacking groups” and said Dragos had cited each one as being linked to a particular country.
For example, he listed a group known as Parasite and said it was suspected to be linked to Iran.
A second group, Magnallium, was “thought to be related to APT 33, a state-sponsored Iranian hacking group”.
But Dragos chief executive and founder Robert M. Lee told iTWire that his company only attributed intrusions to clusters or groups. “So we’d say ‘that’s XENOTIME’, but not talk about attribution, i.e. it’s Russia,” he added.
Palmer listed the 10 groups, starting his list with, “According to Dragos, the most active threat groups targeting critical infrastructure are…” and then listing the country to which each was claimed to be linked.
Said Lee: “We do acknowledge when governments do attribution. As an example, on XENOTIME the USG [US Government] came out in DoJ indictments and said they’re Russia; fine, the government can do that and, yes, we can acknowledge they have – but that’s not our work/assessment/etc.
Part of Palmer’s article where he links threats to different countries, claiming Dragos as a source.
“However, a lot of what is in that article is Danny the journalist and isn’t what we ever said. As an example, he’s saying one of our groups is tied to LAZARUS and others have attributed them to North Korea.
“I think that’s sloppy, but he’s right, there are links to LAZARUS and, yes, others have attributed them – but not us.”
Palmer cited a report from Dragos as the source of his story. However, a close examination of the report shows that all the country links mentioned are his own work, not that of Dragos.
During an interview in Melbourne on 4 April, Lee emphasised the same point, when asked about attribution. “If you look at our research, there’s not one time we attribute [things to] the state actors. We stay out of the geopolitics of it. We don’t say it’s Iran, China, Russia, North Korea in the same way we don’t say it’s the US, Israel, UK, Australia; anybody that targets these systems we publish [research] on [them],” he said.
“And I think it’s not even a fair assumption. It’s actually correct that the US, Israel, Australia, UK, other countries absolutely target systems as well. So from a Dragos standpoint, we’re not calling out anybody. We just say there’s these groups and here’s what they do because we don’t play those political games.”