"This is not “espionage as usual,” even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world. In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency. "<p>That's the most impactful part to me - whether or not this is the work of a nation or APT or just a bunch of punks, the integrity of the _entire industry_ is in question.
I'd presume most the secrets of importance on electrical circuits are no longer so. Anyone who dared put a certificate online is going to have to revoke and start over. While in there for months, the assailants could have planted back doors and reverse shells or what ever suited them.<p>The situation in the world is a bit like living in a tough neighborhood that was trusting years ago so things like glass houses got popular. Then the rocks started flying..
I don't know. This thing of countries blaming other countries for attacks is getting boring. In cyber, there are no borders. If something is vulnerable, it's vulnerable. You don't need the prerequisite of APTs or 'sophisticated nation state cyber threat actors' or whatever flavor of the month name you want to call these groups.