A comparative analysis of threat models in the context of cyber threat attribution


Abstract

The role of cyberspace in geopolitical conflicts, as the experience of recent decades clearly demonstrates, is continually expanding. The activities of state-sponsored and other cyber actors are becoming increasingly frequent, complex, and sophisticated. To understand and analyze a potential cyberattack in detail, it is essential to identify and select an appropriate analytical framework. Several frameworks and models currently exist for analyzing cyber threats, but they were developed for different purposes and focus primarily on technical analysis. However, when analyzing a complex attack, we must also consider additional non-technical aspects that the known models cover only partially or not at all. This research aims to conduct a comparative analysis of publicly available threat models and frameworks, with a particular focus on their applicability in the context of cyber threat attribution. The study evaluates the applicability of individual frameworks during attribution based on a uniquely created set of criteria. The purpose of the comparative analysis is to understand the strengths, weaknesses, and shortcomings of individual models with respect to identifying the cyber actors behind cyber threats.
