[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Threat Actor items
|
Just a comment: In 'our' context "Operational" indicates that an entity has the ability to effectively establish infrastructure and use attack packages developed by others. An analogy might be a group of actors with malicious intent who purchase pre-built
exploitation packages, compromised hosts/credentials, etc. from the "black market". They have enough sophistication to configure and run these pre-built packages but not develop or customize same.
Patrick Maroney
President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org Here is a suggested re-wording of the “Contest” vocabulary item for Attack Resource Level for Threat Actor:
“A short-lived and perhaps anonymous interaction that concludes when an ad-hoc group of participants have achieved a single goal. For example, people who break into systems just for thrills or prestige may hold a contest to see who can break into a specific target first. It also includes announced "operations" to achieve a specific goal, such as the original "OpIsrael" call for volunteers to disrupt all Israel internet functions for a day. Minimum Sophistication level: ???.”
There were some changes suggested to Sophistication Level that will need to be reflected in the other Attack Resource Level descriptions. This one was formerly “Operational,” indicating a moderate level of sophistication but little long-term planning or development capabilities.
If there are other items for updating please let me know.
Tim
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]