Attribution

Definition

The process of identifying the threat actor responsible for a cyberattack. Attribution is a confidence-weighted analytical conclusion, not a binary fact. It ranges from technical attribution (identifying the machine or infrastructure used) to legal attribution (establishing criminal or state responsibility in a court or diplomatic context).

Related terms

Confidence level
An explicit label attached to an attribution assessment indicating how strongly the available evidence supports the conclusion. Standard tiers are low, medium,...
False flag
A deliberate deception in which an attacker plants indicators designed to make the intrusion appear to originate from a different actor. Common...
Technical vs. legal attribution
Technical attribution identifies the infrastructure and tooling used in an attack and may link it to a known cluster or actor profile....
Threat actor cluster
A named collection of observed activity linked by shared infrastructure, malware, and TTPs, without necessarily having confirmed the real-world identity of the...
TTPs (Tactics, Techniques, and Procedures)
The behavioural fingerprint of a threat actor: the broad goals and approaches they pursue (tactics), the specific methods they use to achieve...

Explained in

  • Attribution in Cyber Investigations: The process of identifying the threat actor responsible for a cyberattack. Attribution is a confidence-weighted analytical conclusion, not a binary fact. It ra...
