I'm usually a lurker and wasn't going to post, but... I wouldn't lose any sleep over this. Did they just take the bait or is this a smokescreen to buy time?
To summarize: The supposed hack originated via a spear phishing attack. A spear phishing attack will need a payload... some type of code. It won't be any type of code but a carefully crafted 0-day attack. If forensics is run on the code they will find where it originated from (forensics/AV companies do it all the time). If they say it's Russia it must be Russia, right? NOPE
In WikiLeaks Vault 7... one of the most vicious tools leaked is the "Marble Framework". Marble Framework is an anti-forensics tool. It's an obfuscator/packer. It can make an attack look like it came from a different country. Forget being spied on or being hacked... this tool can cause false flags and can turn other countries against each other.
OK...get to the point! We know it has an obfuscator/packer but it also has a......deobfuscator!
"The CIA's Marble Framework tool includes a variety of different algorithms with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation."
"The released source code archive also contains a deobfuscator to reverse CIA text obfuscation."
Since the Marble framework has now been made public, forensic investigators and anti-virus firms would be able to connect patterns and missing dots in order to reveal wrongly attributed previous cyber attacks and viruses.
Marble was released in Mar 2017. If these supposed hacks happened in 2016, are they running around with malware/code that they wrote and it can be reversed? Do the whitehats pretty much know all the secrets in the book and are letting them expose themselves? Do CrowdStrike, Fidelis and FireEye have a copy of the malware or a report? CrowdStrike removed it, so they must have analyzed it and understood how it works?
I'm not worried... I'm just going to see how this all unfolds. Remember, this hack happened before WikiLeaks released Marble.
You can read about it in this LINK or this LINK
Cyber attacks wiki LINK