Conceptualizing a Continuum of Cyber Threat Attribution


Few topics in the field of Cyber Threat Intelligence (CTI) prompt as much passion and debate as the concept of threat attribution. From numerous conference talks, to blogs and papers, to various applications in CTI analysis, the question of threat attribution repeatedly emerges. While CTI attribution discussions can take many forms and aim at specific audiences—for example, policy-makers and state strategy—this discussion will focus on the technical analyst’s perspective. In adopting this viewpoint, the question of attribution typically manifests in a very binary fashion. Whereas attribution, as described below, represents various gradations, most discussion limits itself to “yes or no” discussions as to the value and need for CTI attribution, when the actual answer (as with most things in CTI) is, “it depends.”

In this paper, a concept of attribution that moves the CTI community away from binary conceptions of CTI attribution value and instead approaches a continuum of attribution types will be introduced. In doing so, multiple possibilities emerge for CTI attributive statements, of different values and significance for different parties—as well as different degrees of relevance for those who wish to make such statements. Through this discussion, the relative value of different types of statements will be examined. Additionally, critical consideration will be applied to why some positions along the emerging continuum of attribution types may be less than desirable for all parties, and ultimately best avoided.

This white paper:

  • Defines the attribution continuum
  • Clarifies the relative value and importance of different types of attribution
  • Orients Cyber Threat Intelligence to defensible attribution actions

    Please complete the form below to access this research:

    Business E-mail Address

    First Name

    Last Name


    Job Role

    Job Function

    Company Size




    Zip / Postal Code


    Business Phone Number

    YES, I would like to schedule a demo consultation with a DomainTools representative.

    Your privacy is a top concern for us at Knowledge Hub Media. We’ll only use your personal information to provide you with the content, products and/or services you’ve requested from us. By entering your contact information and clicking on the “submit” button below, you are confirming that you have carefully read Knowledge Hub Media’s Terms of Use agreement, and Privacy Policy, and agree to be legally bound by all such terms.

    Yes, I agree to the Terms of Use Agreement.

    Yes, I agree to the Privacy Policy.

    The third party vendor sponsoring this content may wish to contact you regarding products and/or services as they relate to this white paper/research. Please check the appropriate boxes below, indicating the ways in which you would like to receive communication from our third party affiliates:

    Yes, I would like to receive communication by email.Yes, I would like to receive communication by telephone.Yes, I would like to receive communication by postal mail.

    Knowledge Hub Media would also like to keep in touch regarding related content, white papers, business/technology research and upcoming events in your area of expertise. Please check the appropriate boxes below to opt-in:

    Yes, Knowledge Hub Media may contact me via email.Yes, Knowledge Hub Media may contact me via telephone.Yes, Knowledge Hub Media may contact me via postal mail.

    You can easily change your communication and consent preferences at any time. Opt-out of receiving communication from Knowledge Hub Media and/or our third party affiliates by easily updating your personally identifiable data and contact preferences here: Update Communication Preferences

    Comments are closed.