Unknown / Contested Attribution

Various — includes cases where attribution is contested, unconfirmed, or points to non-state or negligence-based incidents

Mission Type

Varies — includes criminal ransomware, unattributed espionage, and non-offensive governance cases

Primary Sectors

Multiple

Operational Period

Various

Attributed Cases

12

TTP Pattern Summary

Cases in this category span a wide range from sophisticated ransomware-as-a-service operations (Colonial Pipeline, Change Healthcare) to unattributed espionage (Oldsmar Water) to non-offensive governance cases (Ecuador data exposure). The common thread is the absence of confirmed state attribution, which itself carries analytical significance for understanding the governance response gap.

Initial Access (10), Collection (6), Impact (ICS) (3), Impact (3), Exfiltration (2), Command and Control (2)

Behavioural Signature

The contested-attribution category is analytically significant precisely because the absence of clear attribution constrains governance responses. Criminal ransomware groups in this category often operate from jurisdictions that tolerate their activity, creating a state-responsibility gray zone. Non-offensive cases like Ecuador illustrate governance failures that exist independently of adversarial intent.

Governance Footprint

Cases in this category have driven significant regulatory change (Colonial Pipeline → TSA pipeline directives; Change Healthcare → healthcare security mandates) despite the absence of clear state attribution, demonstrating that governance responses can be triggered by impact severity alone, independent of adversary identity.