Power structures, decision-making, and leadership styles within cybercriminal groups: A CTI datasets based exploration

Konstantinos Mersinas, Aimee Liu, Niki Panteli

Research output: Contribution to conferenceAbstractpeer-review


Cybercriminal groups dynamically shape their business models and undergo constant evolution. Cyber Threat Intelligence (CTI) indicates that some groups move into the formation of conglomerates with networks of affiliate groups constituting the cybercriminal landscape, through adopting Crime-as-a-Service (CaaS) and other collaborative approaches. Such structures can be complex and high-maintenance , with one aspect of their complexity being the identification of affiliate individuals with the appropriate technical and collaborating skills, but also from the leadership style and attitude, since maintaining and operating these networks is largely a managerial task, and less of a technical one. In this paper i) we utilise datasets captured by CTI-platforms *, and ii) expand our previous work on cultural aspects of cybercriminal groups, to inform internal power-distance, decision-making, and leadership styles of collaborating entities to identify potentially distinct profile properties of the involved actors. Our hypothesis is that beyond the procedural mechanisms for establishing trust relationships in such cybercriminal networks, there exist special characteristics of affiliated persons, which are necessary for the success of networked cybercrime operations.

*details on the datasets will be available in the full paper version; we need the appropriate permissions for acknowledging sources.
Original languageEnglish
Publication statusSubmitted - 30 Apr 2024

Cite this