I wish people would stop speculating on attribution
Attribution of a hack is one of those things that is impossible to figure out with the current state of the Internet and the political climate. Even when the action isn't malicious, attribution can still be nightmarish. Like just this last week I had some security consultants in to complete an audit / penetration test of our infrastructure. The consultant was an employee of an Indian subsidiary of a Dutch corporation. That consultant had finished their component of the audit and begun working on their next client: a South African subsidiary of a UAE-based mining corporation.
For all I knew, their actions could have been malicious, with plenty of evidence to implicate pretty much any nation in the attack. They were physically in the US, but are an Indian National, taking orders from a Dutch company. Or it could have been an agent from another nation posing as that company to establish a pen-testing contract and discover weaknesses for a later attack.
To me, the only evidence I'd believe when it comes attribution would be if a nation state came out and confessed to doing it (And even then, that would be taken with a grain of salt).
This attack feels like something that Russia would do (They pulled a lot of this kind of thing during the Cold War), but its also something that Israel, the US, and Iran have been known to do. For all we know, the attacks could have carried out by Iranians in Russia attacking their own infrastructure for the purpose of muddying the waters when they carry out another attack.
What does confuse me is why they'd be using aspx, since there is no legal way for them to be using it in the first place as ASP.net is a Microsoft technology, a company that is forbidden from dealing with Iranian businesses. Choosing ASP.net, merits of the language aside, would severely limit their ability to acquire support and patches. Feels like they might have intentionally used something insecure so as to attract a compromise.
Biting the hand that feeds IT
