APT Intelligence Directory
Institute for Critical Infrastructure Cybersecurity
ICIC

Research Ethics & Disclaimers

Last updated: April 2026

Research Methodology & Standards

The APT Intelligence Directory operates under rigorous analytical standards designed to meet or exceed the requirements of leading intelligence organizations while maintaining transparency for academic and policy scrutiny.

Analytical Frameworks

Our research is grounded in the following proprietary frameworks:

  • ARCS: Adversary Risk & Capability Scoring for quantitative threat assessment
  • ARCF: Adversary Risk & Compliance Framework for regulatory mapping
  • OmniSynth: Multi-source intelligence fusion and validation
  • V-Framework: Visual analytics and trend prediction
  • Superior APT & Hacker Group Profiling System: Comprehensive threat actor analysis

Multimodal Evidence Requirements

Every major conclusion in our research must be supported by multiple forms of evidence:

  • Text-based analysis and documentation
  • Code artifacts and malware samples
  • Network telemetry and infrastructure data
  • Datasets and statistical analysis
  • Images, diagrams, and visual documentation
  • Audio or video evidence where applicable

Crossmodal Corroboration

Claims that cannot be corroborated across multiple evidence modalities are explicitly flagged as provisional and routed into our audit workflows for further verification.

Risk-Tiered Consensus

High-impact assessments, particularly state-sponsored attribution claims, require supermajority consensus among our analytical team under mathematically calibrated thresholds. Minority dissent is preserved in appendices for transparency.

Full-Spectrum Provenance

All analytic steps, from data ingestion to analytical conclusions, are mapped to machine-readable provenance schemas and cryptographically hash-chained logs for complete auditability and transparency.

Content Disclaimers

ICIC publications and briefings are provided for educational and awareness purposes only. They are based on publicly available information and ICIC's internal analytical frameworks as of the time of writing.

What Our Content Does NOT Constitute

Our research does not constitute:

  • Operational security advice or guidance
  • Legal advice or legal opinions
  • Recommendations for specific defensive actions
  • Guarantees of accuracy, completeness, or timeliness
  • Predictions of future threat actor behavior

Provisional Assessments

Some of our assessments are marked as provisional, preliminary, or subject to revision. These assessments reflect the current state of available evidence but may be updated as new information becomes available.

Attribution Confidence Levels

All threat actor attributions include explicit confidence levels (high, medium, low) reflecting the strength of supporting evidence. Lower confidence assessments should be treated with appropriate caution.

Limitation of Liability

ICIC does not accept liability for decisions made based on this material. You assume full responsibility for any actions taken based on the information provided on the APT Intelligence Directory.

ICIC shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from:

  • Your use of or reliance upon the Platform or its content
  • Inaccuracies or omissions in our research
  • Unauthorized access to or alteration of your data
  • Decisions made based on our analysis
  • Any other matter related to the Platform

Accuracy & Verification

While ICIC maintains rigorous standards for accuracy and verification, we acknowledge the inherent challenges in threat intelligence analysis:

  • Open-source information may be incomplete or misleading
  • Attribution of cyber operations involves inherent uncertainty
  • Threat actor capabilities and tactics evolve rapidly
  • Information becomes outdated as the threat landscape changes

We recommend treating all threat intelligence as one input among many in your security decision-making process.

Ethical Use of Research

ICIC research is intended for defensive purposes only. Users are prohibited from:

  • Using threat intelligence to facilitate cyberattacks
  • Exploiting vulnerabilities or tactics described in our research
  • Conducting offensive operations based on our analysis
  • Using our content for unlawful purposes

ICIC reserves the right to revoke access to our research for users who violate these ethical principles.

No Warranty

All content on the APT Intelligence Directory is provided "as is" without any warranties of any kind. ICIC makes no representations or warranties, express or implied, regarding:

  • The accuracy, completeness, or reliability of any information
  • The fitness of the content for any particular purpose
  • The non-infringement of third-party intellectual property rights
  • The absence of viruses or malicious code

Governing Law & Jurisdiction

These Research Ethics & Disclaimers shall be governed by and construed in accordance with the laws of the United States of America, without regard to its conflict of law principles.

Contact Information

For questions regarding our research methodology, ethical standards, or these disclaimers, please visit our Contact Us page.

© 2026 Institute for Critical Infrastructure Cybersecurity. All rights reserved.