A year-long study by CrowdStrike has identified more than 50 groups of cyber threat actors, blaming groups in China, Iran, Russia, North Korea, and Syria for high profile attacks. CrowdStrike reckons that the groups it is tracking make up the majority of the sophisticated threats attacking enterprises across the globe. Groups can be distinguished by the differences in their tactics, techniques, and procedures, such as the tools and infrastructure they use for attacks, their level of sophistication and the working hours hackers put in to running attacks.

Cybercrime in 2013 was dominated by a core of around 50 active groups, including Russian and Chinese “threat actors” whose activities are only now coming to light, a report from monitoring firm CrowdStrike has found. Using an approach that foregrounds the “threat actors” above the malware itself, the firm divides groups according to whether they are deemed to be motivated primarily by national, political, and purely commercial motives. As CrowdStrike’s marketing motto puts it: “you don’t have a malware problem, you have an adversary problem.” At first, the categorization system looks more like a blizzard of inscrutable names, with major cybergroups including Numbered Panda, Magic Kitten, Energetic Bear, and Deadeye Jackal.