While CrowdStrike suspects a North Korean state-backed hacking group it tracks as Labyrinth Collima is behind this attack, Sophos’ researchers say they “cannot verify this attribution with high confidence.”