To be honest I was a little disappointed when I saw this talk. Its title was not accurate for a presentation at ccc. It is neither advanced nor attributable to a nation state. It grossed me out when the nontechnical guy hyped things and the hired gun shied away, making it clear the nontechnical guy is grandstanding - also not appropriate for ccc- so I left before it ended.
I am really confused as to why the security community is obsessed with the term "nation state". Every single publication or quote from security researchers that wants to attribute some worm or attack to a country incorrectly calls it a nation state.<p>A nation state is a specific thing that is not just a pompous way of saying state or country.<p>If you're wondering, you can check the Wikipedia entry on it. There's nothing inherent about any type of technical attack that could connect to a nation state.<p>It's sort of a shibboleth of someone who is self-important and doesn't fact-check.
I'm not in netsec, but i'm still a little fuzzy on some details here:<p>1)what's the evidence that this is tied to/from the off the shelf core-impact product? using a similar api call? a controlling server is used?<p>2)other than the target being an israeli aerospace firm and payload pretending to be military in nature (im guessing to generate curiosity, how are 'nation-states' involved?<p>EDIT: maybe answering my own question
1. a "Campaign" identifier is a variable found<p>2. lure document exists elsewhere and has been seen targeting multiple nations over years. at academics and defense orgs.