Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the 'Hacktivist' Threat to Critical Infrastructure
This addresses the threat of hacktivists to critical infrastructure, providing specific mitigations for asset owners, though it is incremental in enhancing existing threat models.
The paper tackles the lack of understanding of hacktivist tactics by creating a MITRE ATT&CK model for the threat actor Phineas Fisher and mapping it to critical infrastructure, identifying seven mitigations to prevent intrusions.
The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fisher, and map that threat to critical infrastructure. The analysis is derived from hacker manifestos, journalist reporting, and official government documentation. This analysis fills a gap in current threat models, to better define what skills and methods a determined hacker might employ. This paper also identifies seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists. We are in the process of contributing this threat actor into the ATT&CK knowledge base.