Few topics in the field of Cyber Threat Intelligence (CTI) prompt as much passion and debate as the concept of threat attribution. From numerous conference talks, to blogs and papers, to various applications in CTI analysis, the question of threat attribution repeatedly emerges. While CTI attribution discussions can take many forms and aim at specific audiences (for example, policy-makers and state strategy), this discussion will focus on the technical analyst’s perspective. From this viewpoint, the question of attribution typically manifests in a binary fashion. Whereas attribution, as described below, represents various gradations, most discussion limits itself to a “yes or no” debate over the value and need for CTI attribution, when the actual answer (as with most things in CTI) is “it depends.”