alt Hacker NewsStill no smoking gun, but possibly Russia. From the video https://youtu.be/aoag03mSuXQ?t=2883:
> A lot of the aliases, like Jia Tan, they sound like Asian names, and the published changes are all timestamped in UTC+8, Beijing time. So the signs point to China. And that's why it's probably not China. I mean, why would they make it that obvious? Every other part of the operation has been so meticulous, so cautious.
> And they also worked on Chinese New Year, but not on Christmas. And over the years, there were nine changes that fall outside of the Beijing time into UTC+2, which is a time zone that includes Israel and parts of Western Russia. That's why some experts have speculated that this could be the work of APT29, a Russian-state-backed hacker group also known as Cozy Bear. But again, do we know? No, of course we don't know who it is, and we likely will never know.
Replies
>And that's why it's probably not China. I mean, why would they make it that obvious?
That's just what they want you to think!
Those anecdotes don’t mean anything. If I were China and wanted plausible deniability I would work on CNY and take off on foreign holidays. Of course that leaves Beijing time as a weird oversight though it’s always Beijing time anywhere in China.
UTC+2 isn't very convincing as an argument for Russia. Only the Kaliningrad exclave uses that timezone, and if I were in a state-backed group, I'd live in one of the big cities.
Also quick search suggested UTC+3 was seen during the summer, and Russia doesn't do DST either.
Edit: some of the UTC+2/3 times are attributable to being differences in git committer and author dates (e.g. email patches)