Researchers at BlackBerry noted that “this campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors”, and it highlights the difficulty of attribution in many campaigns. In the past, the activities of the two groups of threat actors had been largely independent: targeted attack threat actors relied on custom tooling, while cybercrime-motivated threat actors typically relied on traditional tooling. However, as time goes on and traditional tools improve, more targeted attack threat actors are turning to traditional tools, likely to save time and money and to evade attribution. As these actors adopt traditional tools, it becomes more difficult to attribute specific campaigns to specific threat actors.
It is generally not necessary for an organization to attribute a campaign to a specific threat actor. However, attribution does aid threat hunting: once a campaign is attributed to an actor, a threat hunter can hunt for tactics that actor has used in the past to improve the investigation. As attribution becomes more difficult, a defense-in-depth security posture that ensures all known tactics and techniques are detected and alerted on becomes more important.
https://thehackernews.com/2022/10/romcom-hackers-circulating-malicious.html

