July 21, 2017
Over the past two weeks, the Cybereason Intelligence Group has looked at the NotPetya attack. In this blog post, we'll share our latest thinking about the two-actor versus one-actor hypotheses behind this attack. Hopefully, by presenting our thoughts to the information security community, we can work together to better understand the attack and figure out how organizations can better protect themselves from future campaigns.
We theorize that an elaborate, well-planned campaign was conducted against M.E.Doc. The operation and attack progressed in two different ways, depending on whether there was a single actor or two. In this blog post we’ll explain our logic behind each theory.
Like any other hypothesis around the NotPetya attack, the theories we presented have holes, inconsistencies and contradictions. Political motivations can make attribution murky, while malware authors commonly use false flags to throw off security researchers. This means that the information security community still has much work to accomplish before fully understanding and contextualizing the entire chain of events surrounding NotPetya.
The Cybereason Intel Team is a talented group of researchers with years of experience in the cybersecurity space.