False flag

Definition

A deliberate deception in which an attacker plants indicators designed to make the intrusion appear to originate from a different actor. Common techniques include reusing another group's known malware, inserting foreign-language strings, or routing traffic through infrastructure associated with a different threat actor.

Related terms

Attribution
The process of identifying the threat actor responsible for a cyberattack. Attribution is a confidence-weighted analytical conclusion, not a binary fact. It...
Confidence level
An explicit label attached to an attribution assessment indicating how strongly the available evidence supports the conclusion. Standard tiers are low, medium,...
Technical vs. legal attribution
Technical attribution identifies the infrastructure and tooling used in an attack and may link it to a known cluster or actor profile....
Threat actor cluster
A named collection of observed activity linked by shared infrastructure, malware, and TTPs, without necessarily having confirmed the real-world identity of the...
TTPs (Tactics, Techniques, and Procedures)
The behavioural fingerprint of a threat actor: the broad goals and approaches they pursue (tactics), the specific methods they use to achieve...

Explained in

  • Attribution in Cyber Investigations
