How do investigators figure out who is responsible for cyberattacks like this?

 Just as police investigate a string of bank robberies by looking for a method of operations, or forensic evidence that links one robbery to the next, you can do the same thing with hacking operations. Investigators—often in the private sector, sometimes in the government—will look across a series of cases to build a pattern of operations for the hackers. And they will cluster different patterns of operations to different groups. And what the reporting indicates, in this case, is that the pattern of activity suggested this was the Russian how much does a computer engineer make intelligence service that we’ve seen carry out very sophisticated hacking operations against the United States and worldwide targets before—never a destructive attack, but always these intricate espionage operations that hit high-value targets.

The next step is definitely going to be a very thorough investigation that is one of the most significant cyber investigations we’ve seen, just because the scope of this breach is so big. We’re talking about potentially hundreds or thousands of organizations—likely hundreds I would say—that could have been compromised in this breach. Once an agency as sophisticated as the SVR gets access to a network, they’re very hard to get out. So, remediating this breach is going to be difficult. We’re going to start to realize, in the weeks to come, some degree of the information that was taken, some degree of who the victims are. [With] every single one of those, I think it’s going to be another blow and raise the level of concern about this operation.