Plus, recent political history and the kinds of benefits delivered by political actors suggest several things: hacking's taken on a special significance as wielded by state actors, there's a considerable amount of delegation to shall we say less expert practitioners who are only loosely controlled, and there's a great deal of effort put forth to deny ANYTHING of the sort ever goes on, ever ever.

To me all this seems par for the course. There's nothing unusual about any of it. It's what you would expect. It's basically like distributed stochastic terrorism, indirectly/loosely driven by a more capable state actor with specific intent to establish deniability.

Not even plausible deniability. Just some convenient way to say 'Nyet! And we are VERY OFFENDED that you would even suggest such a thing!'.

Just the fortunes of war, really.

The problem is that state-level actors are considerably more sophisticated in their activities than what was seen here. There was a story on HN a while back that can best be summed up as "Defending against this is impossible: Mossad is gonna Mossad and there is nothing you can do about it: https://news.ycombinator.com/item?id=26591669

I always thought it would be fun, if one had enough pull, to get a Letter of Marque and Reprisal issued to oneself snuck onto one of the giant omnibus bills that nobody in the Congress reads in its entirety before voting on it. It could easily be interpreted to cover cyberprivateering.

It is absolutely trivial for an attacker in the US or anywhere to make their ransomware attack appear to come from Russia (to someone who doesn’t know that).

Yes, nobody in the west using a compromised russian box for c&c would ever put such code in their ransomware payload. That would obfuscate its origin, and we all know criminals aren't clever enough for that sort of thing.

There can only be one explanation: russian hackers operating with Putin's tacit approval. Us in the west should add this to the mounting pile of "evidence" supporting going into another cold war, because that will surely improve the entire situation. Attributing the unattributable to our preconceived enemies to escalate a conflict always ends well.

Snark aside, on a technical, factual level, this simply isn't evidence of origin, not even a little bit. "russian hackers" is such a tired punchline now that if I, being in the west, were to suddenly jump the fence after 3 decades and choose A Life Of Crime, using russian configuration file names, UTC+3 daytime operating hours, russian-hosted c&c IPs (or, better yet, russia-controlled but plausibly deniable ones like belarus or kazakhstan), and silly stuff like skipping infection of ru-locale machines would be obvious things I would be doing to fuel this existing narrative sailwind. It's utterly silly to think that this in any way suggests origin.

Russian and a bunch of other CIS countries. It could very well originate from Moldova or Kazakhstan.