Russian Information Operations: Understanding One of the Most Prolific of Threat Actors

By Courtney Falk

Today’s businesses are underestimating the enemy. A lack of knowledge about threat actors and their intent, combined with an inability to thwart them, has left businesses at risk. Seeing things through the eyes of the enemy can help organizations understand threat actor intent and, therefore, build stronger cyber resilience.

Optiv is launching a new resource to help readers obtain a clearer view of the current cyber security landscape from the perspective of threat actors. The Optiv Threat Actor Intel Report is intended to educate readers about significant threat actors operating across the globe through a synopsis of each actor, their history and their motivations. The report is compiled using Optiv’s Global Threat Intelligence Center (gTIC) and public, third-party sources.

Within this report, Optiv will apply its new threat actor scoring methodology to enable readers to better evaluate the threat actors and their status. Optiv has created this proprietary metric for scoring and comparing threat actors based on the gTIC’s extensive intelligence gathering. Each threat actor is evaluated according to six dimensions that measure three areas of capabilities: technical, operations and preparation. We selected these dimensions to represent observable patterns and behaviors on the part of the threat actor.

After we score the threat actor according to these six dimensions, we compute a combined score. This final, cumulative score provides public and private entities with a useful way to quickly evaluate and compare threat actors. These scores are meant to serve as a quick reference to help decision makers determine where to focus and how to best spend their resources.

The first report in this series focuses on Russian computer network operations (CNO). Russian cyber operations continue to be a key topic of public discourse due to their impact on civil society. Russia uses CNO as a component of a wider information operations strategy, partly to compensate for military and intelligence shortcomings. While Russian information operations have become something of an enigma, it’s important to understand the intent behind the operations and the areas in which they are used as a smokescreen to strengthen political rhetoric.

This first report covers Russia’s long-standing history of secret police and intelligence organizations and the socio-political aspects that contribute to threat actors’ motivations. It also provides information about the role private enterprises play and about crossover operations that have expanded outside of Russia’s borders.

You can access the Optiv Threat Actor Intel Report #1 - Russia CNO here.


Courtney Falk

Senior Research Analyst

Courtney Falk is a senior research analyst for Optiv’s Global Threat Intelligence Center (gTIC). Courtney analyzes tools, standards and intrusion sets in order to improve state-of-the-art threat intelligence and help Optiv clients stay ahead of potential attacks.