I'm tired of reading about "sophisticated actors" who just asked for and were given the admin password. Has anyone produced a classification scheme to rate threat actors and the tactics they used?
"Sure it was a Class 1 threat actor, but they just used a Class 4 attack vector".
Links welcome!