About the APCT Dossier

The definitive intelligence briefing on the Top 50 Advanced Persistent Threat and hacker groups, ranked by ARCS (Adversary Risk Classification System) composite risk scores. Audit-ready, provenance-chained analysis for Congressional stakeholders, national security advisors, and critical infrastructure defenders.

Geographic attribution breakdown: Russia (32%), China (26%), Iran (10%), and DPRK (6%) dominate the highest risk tiers, with criminal syndicates comprising 26% of tracked actors.

Key Statistics

• 50 Top Threat Actors profiled and ranked
• 68% of threat actors are state-sponsored
• 96% of attacks utilize phishing vectors
• 21 days average dwell time before detection

Intelligence Modules

Top 10 Threat Actors by ARCS Score

1. APT29 (Cozy Bear) - Russia SVR - ARCS Score: 98
2. Lazarus Group - North Korea RGB - ARCS Score: 98
3. APT41 (Wicked Panda) - China MSS - ARCS Score: 96
4. Sandworm - Russia GRU - ARCS Score: 95
5. APT28 (Fancy Bear) - Russia GRU - ARCS Score: 94
6. Volt Typhoon - China State - ARCS Score: 93
7. DarkSide / BlackCat - RaaS - ARCS Score: 92
8. LockBit - Russia RaaS - ARCS Score: 91
9. UNC1151 (Ghostwriter) - Belarus - ARCS Score: 90
10. Charming Kitten - Iran IRGC - ARCS Score: 89

About James Scott

James Scott is the founder of the Institute for Critical Infrastructure Cybersecurity (ICIC) and a recognized authority in cyber adversary research. His work focuses on adversary profiling, APT ecosystem analysis, supply-chain threat modeling, and critical-infrastructure cyber risk.

About ICIC

The Institute for Critical Infrastructure Cybersecurity (ICIC) is an independent research center dedicated to adversary profiling, APT ecosystem analysis, and critical-infrastructure cyber risk. ICIC operates without commercial clients or donors, ensuring unbiased intelligence focused on capability transfer to government and critical infrastructure operators.