// THREAT DETECTION AND DATA PRIVACY TERM
Tradecraft
Tradecraft refers to the specialized techniques, methods, and skills used by intelligence professionals and spies for espionage and other covert operations. It covers everything from recruiting agents and conducting surveillance to communicating secretly and avoiding detection.
TECHNICAL DEFINITION
Intelligence tradecraft is the corpus of specialized techniques and methodologies for conducting clandestine operations, encompassing human intelligence (HUMINT) agent handling, surveillance and counter-surveillance, secure communications like dead drops, elicitation, and operational security (OPSEC) to achieve espionage or counterintelligence objectives.
BACKGROUND
Huntress is an American cybersecurity company based in Columbia, Maryland.
SYNONYMS & ALIASES
- spycraft
- espionage techniques
- fieldcraft
- clandestine methods
- covert arts
- intelligence operations
- operational methods
USAGE NOTE
The term is used to describe the practical 'how-to' of intelligence work, where a lapse in tradecraft can lead to a compromised mission or agent.
DEVELOPERS
Organizations developing technology related to Tradecraft.
A leading incident response and threat intelligence company that specializes in dissecting the 'tradecraft'—tactics, techniques, and procedures (TTPs)—of advanced persistent threat (APT) actors. Their technology and services are built around understanding and countering sophisticated cyber espionage and attack campaigns.
Develops a cloud-native endpoint security platform (Falcon) designed to detect and stop breaches by analyzing adversary behavior and tradecraft in real time. Their threat intelligence teams, like Falcon OverWatch, actively hunt for and report on the novel tradecraft used by nation-state and eCrime actors.
A not-for-profit organization that developed and maintains the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This framework has become the standard for defining and organizing cyber adversary tradecraft.
A cybersecurity firm specializing in adversary simulation and red teaming. They develop technology, such as the widely-used BloodHound tool for analyzing Active Directory attack paths, that both emulates and helps defenders understand advanced attacker tradecraft within corporate networks.
A major government contractor that provides technology and consulting services to the U.S. intelligence community and Department of Defense. They develop and operationalize sophisticated cyber tradecraft for both offensive and defensive missions, including digital forensics, malware analysis, and mission systems development.
A prime defense contractor that develops advanced cyber warfare, signals intelligence (SIGINT), and information operations technologies for national security agencies. Their work involves creating and countering state-level cyber tradecraft for intelligence gathering and military operations.
A cybersecurity company focused exclusively on protecting industrial control systems (ICS) and operational technology (OT). They develop a platform and provide threat intelligence specifically tailored to the unique tradecraft of adversaries targeting critical infrastructure like power grids, manufacturing, and oil and gas.
Provides a security intelligence platform that automates the collection and analysis of data from open source, dark web, and technical sources. The technology is used by organizations to proactively identify and understand adversary infrastructure, malware, and evolving TTPs, effectively mapping out their tradecraft.