Being able to put together tooling with these capabilities makes the attacker an APT by definition. These are generally assumed to be national intelligence services, though that is an assumption. (Among other things, there are multiple countries where the lines between intelligence agencies and their contractors are... fuzzy.)
And while Kaspersky is refusing to speculate at all about attribution, the Russian government has claimed (without giving specific evidence) that it's NSA.
Being able to put together tooling with these capabilities makes the attacker an APT by definition. These are generally assumed to be national intelligence services, though that is an assumption. (Among other things, there are multiple countries where the lines between intelligence agencies and their contractors are... fuzzy.)
And while Kaspersky is refusing to speculate at all about attribution, the Russian government has claimed (without giving specific evidence) that it's NSA.
I thought there were Israeli private services/ contractors providing APT as a service to, for example, Saudi Arabia or other despotic regimes.
I think that was in the news back in the sochi Olympics. The value of cyber capabilities is only going up with time
The siloing may be due to multiple contractors. I imagine these exploit vendors are protective of their arsenal of attacks.
Because as has been said many times, the three letter agencies aren't exempt from the curse of government employee mediocrity.