Attribution of 2015-6 Phishing to APT28

Climate Audit

In two influential articles in June 2016, immediately following the CrowdStrike announcement, SecureWorks (June 16 here and June 26 here) purported to connect the DNC hack to a 2015-6 phishing campaign which they attributed to APT28. SecureWorks identified two malicious domains in their article. In today's article, I'll show that infrastructure from one domain is connected to domains identified as APT28 in early literature, while infrastructure from the other domain leads in an unexpected direction.
