The June 2016 revelations of the DNC breach by two Russia-based advanced persistent threat groups was only the beginning of a series of strategic leaks and conflicting attribution claims. In this presentation we’ll demonstrate techniques used to identify additional malicious infrastructure, evaluate the validity of “faketivists” like the Guccifer 2.0 persona, and strengths and gaps in the attribution analysis. It will highlight how to integrate different tools and sources of information (vendor agnostic) in a way that security practitioners can use in their own organizations.
