When reading malware-analysis posts, I see researchers talking about sophisticated state-sponsored actors. How can researchers know when something is state-sponsored from their code/C2 servers alone?
Asked
Active
Viewed 58 times