The task of threat actor attribution has often been viewed as an art, rather than a science, due to its complexities and reliance on human interpretation and expert analysis.
Unit 42’s Attribution Framework helps address this by providing a systematic approach for analyzing threat data, which facilitates the attribution of observed activities to formally named threat actors, temporary threat groups or clusters.
It utilizes the excellent work of the Diamond Model of Intrusion Analysis and the Admiralty System to enable the attribution of observed activities, while also allowing researchers discretion in adjusting scores.
This methodology allows for the long-term tracking of threats and elevates the efficacy of intelligence collection and analysis.