Counter Threat Unit Researchers Publish Threat Group Definitions

Today, the Secureworks® Counter Threat Unit™ (CTU) research team began publishing Threat Group profiles on the Secureworks website. Each profile includes a summary of the group, its objectives, the other aliases by which it is known, and the malware it uses. Both criminal and government-sponsored Threat Groups are included.


Why publish these records, given that they are not full actor profiles and contain no infrastructure indicators? You might be asking yourself whether this is just a marketing exercise. I assure you that it isn't. Yes, we want to make the names available to those who care about them. But the decision was driven by a desire to help establish a shared language for discussing these groups. We often receive requests for a unified "Rosetta Stone" that relates our Threat Groups to the names used by others. Others in the industry have done great work in that area, but we wanted to complement their work and also provide a dynamic feed of our mappings. As aficionados of "master data management" know, documents are problematic: a document exported from a single data source is stale as soon as it is created. To address this, the website continuously synchronises with our Threat Intelligence Management System so that it always conveys the most current information.


A word about attribution. In Secureworks parlance, Threat Groups are "intrusion sets" or "clusters of observed activity"; they exist in cyberspace; and we see them attempting to cause harm to our customers or see reports of them causing harm to others. In contrast, Threat Actors are real-world people and organisations, with real-world locations. Clearly, Threat Groups map to Threat Actors, but the mapping is not necessarily one to one. A sub-contractor might acquire a new contract, groups might share infrastructure, or a foreign intell ..
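The two data-model points above, that a group is known by several vendor aliases and that groups map to actors many-to-many, are what a consumer of such a feed has to handle in code. The following is an added example, not Secureworks code and not the format of the actual feed: the record layout, the field names and every group, alias and actor name are constructed for illustration. It builds a normalised alias index, flags aliases that two groups both claim (the case a "Rosetta Stone" must surface rather than silently pick one side of), and answers the group-to-actor question in both directions.

```python
"""Alias cross-reference and group-to-actor mapping for threat-group profiles.

Added illustration, not Secureworks code. The record layout, the field names
and every group, alias and actor name below are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample feed: each record is one Threat Group (an intrusion set).
# "actors" holds the real-world Threat Actors the group is currently mapped to;
# the list may be empty (unattributed) or hold several entries (shared
# infrastructure, a contractor working for more than one sponsor, etc.).
SAMPLE_FEED = [
    {"id": "GROUP-1", "aliases": ["Vendor A Name One", "vendor-b name one"],
     "actors": ["ACTOR-X"]},
    {"id": "GROUP-2", "aliases": ["Vendor A Name Two"],
     "actors": ["ACTOR-X", "ACTOR-Y"]},
    # Same vendor alias as GROUP-2: a deliberate collision for the example.
    {"id": "GROUP-3", "aliases": ["Vendor C Name Three", "Vendor A Name Two"],
     "actors": []},
]


def normalize(name: str) -> str:
    """Collapse case, whitespace and punctuation so that
    'Vendor-B Name One' and 'vendor b  name one' compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()


def build_alias_index(feed):
    """Map every normalised alias (and each group id) to the set of group ids
    that claim it. A set, not a single id, because aliases can collide."""
    index = defaultdict(set)
    for record in feed:
        index[normalize(record["id"])].add(record["id"])
        for alias in record["aliases"]:
            index[normalize(alias)].add(record["id"])
    return dict(index)


def resolve(index, name):
    """Group ids for a vendor name. More than one id means the alias is
    ambiguous in this feed; an empty set means the name is unknown."""
    return set(index.get(normalize(name), set()))


def ambiguous_aliases(index):
    """Aliases claimed by more than one group. These are the entries a
    cross-reference should expose for review rather than resolve silently."""
    return {alias: sorted(ids) for alias, ids in index.items() if len(ids) > 1}


def actors_for_group(feed, group_id):
    """Actors a group is mapped to (may be several, or none)."""
    for record in feed:
        if record["id"] == group_id:
            return sorted(record["actors"])
    return []


def groups_for_actor(feed, actor):
    """Groups mapped to an actor: the other direction of the many-to-many map."""
    return sorted(r["id"] for r in feed if actor in r["actors"])


if __name__ == "__main__":
    idx = build_alias_index(SAMPLE_FEED)
    print("resolve:", resolve(idx, "VENDOR-A NAME ONE"))
    print("ambiguous:", ambiguous_aliases(idx))
    print("ACTOR-X groups:", groups_for_actor(SAMPLE_FEED, "ACTOR-X"))
```

The point of returning sets from `resolve` rather than a single id is that the ambiguity is real data, not an error to hide: when two vendors' names overlap, an analyst needs to see both candidate groups and decide.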
