“The Chinese hacked us” is becoming an all-too-common phrase in recent corporate hacks. But attribution of attacks can be difficult, especially when a skilled attacker — who wants to remain anonymous — carries out the attack. Geolocation may point to some city or province in China, but it is only the first, and potentially misleading, clue. Online research using open-source intelligence (OSINT) can help corroborate details surrounding an attack. The first step is to start gathering as much information about the attack as possible.”]
Source: https://www.darkreading.com/attacks-breaches/tech-insight-attribution-is-much-more-than-a-source-ip