A threat analytics portfolio project tailored for financial institutions and payment platforms. Maps real-world payment fraud campaigns to the MITRE ATT&CK framework with financial impact, behavioral indicators, payment rail exposure, and regulatory compliance context.
Unlike generic cybersecurity dashboards, this project speaks the language of payment fraud analysts:
- Payment rail tagging — each TTP is tied to ACH, Wire, SWIFT, RTP, Check, or Internal rails
- Financial impact estimates — dollar figures per incident, not just severity labels
- Behavioral indicators — the anomalous patterns that precede an attack, not just IOCs
- Compliance mapping — GLBA, PCI-DSS, Nacha 2026, BSA/AML, SOX, HIPAA per technique
| Incident | Threat Actor | Type | Loss |
|---|---|---|---|
| BEC Wire Fraud Campaign | Scattered Spider / UNC3944 | Criminal | $2.8B industry-wide |
| Insider Payroll & AP Fraud | Malicious Insider | Internal | $4.7M avg per incident |
| SWIFT Financial Messaging Attack | Lazarus Group (APT38) | Nation-State | $1.3B+ attributed |
- Navigator View — ATT&CK matrix across all 12 tactics, color-coded by severity. Each technique shows payment rail indicators (colored dots). Click for full intelligence.
- Analyst Report View — Structured report with description, behavioral indicators, evidence, detection guidance, financial impact, and compliance tags per TTP.
- TTP Detail Panel — Slide-out with behavioral profiling angle, financial impact, evidence, detection guidance, and direct MITRE ATT&CK link.
- Stats Strip — Live counts of TTPs, critical findings, payment rails at risk, and compliance frameworks implicated.
- Kill Chain Coverage — Visual showing which MITRE phases the attacker used, colored by highest severity technique in each phase.
- Payment Rail Exposure — Bar chart of which rails (Wire, ACH, SWIFT, etc.) appear most across the incident's TTPs.
- Regulatory Exposure — Bar chart of how many TTPs implicate each compliance framework.
```bash
npm install
npm run dev
# → http://localhost:5173
```

```
src/
├── components/
│   ├── Dashboard.jsx      # ATT&CK matrix + all panels
│   ├── ReportView.jsx     # Full analyst report
│   └── TTPDetail.jsx      # Slide-out detail panel
├── data/
│   └── breachReports.js   # All TTP + incident data
├── styles.css
├── App.jsx
└── main.jsx
```
Add a new report object to the array in `src/data/breachReports.js`:

```js
{
  id: "unique-id",
  name: "Incident Name",
  threatActor: "Actor Name",
  nation: "Internal Threat | Criminal (region) | Country",
  year: 2024,
  sector: "Industry",
  source: "Report citation",
  totalLoss: "$X per incident",
  summary: "...",
  ttps: [
    {
      id: "T1234",                         // MITRE ATT&CK technique id (sub-techniques as T1234.001)
      name: "Technique Name",
      tactic: "TA0001",                    // MITRE ATT&CK tactic id
      severity: "critical",                // critical | high | medium | low
      paymentRails: ["ACH", "Wire"],       // ACH | Wire | SWIFT | RTP | Check | Internal
      financialImpact: "$X–$Y per incident",
      compliance: ["GLBA", "Nacha 2026"],  // GLBA | PCI-DSS | Nacha 2026 | BSA/AML | HIPAA | SOX
      description: "...",
      behavioralIndicators: "...",
      evidence: "...",
      detection: "...",
      references: ["https://..."],
    }
  ]
}
```
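The schema above has several enumerated fields (severity, payment rails, compliance frameworks) and two MITRE identifier formats that the dashboard panels depend on; a typo in any of them silently produces wrong counts or missing matrix cells. The following is an added example, not code from the project, showing how a report in this shape can be validated before it is committed and how the Stats Strip, Kill Chain Coverage, Payment Rail Exposure and Regulatory Exposure figures are derived from it. The `validateReport` and `summarizeReport` function names and the sample report are assumptions for this illustration; the technique and tactic ids in the sample are real ATT&CK ids, but the incident content is constructed.

```javascript
// Added example (not part of the project): validate a breach report in the
// src/data/breachReports.js shape and compute the dashboard aggregates.

const SEVERITIES = ["critical", "high", "medium", "low"]; // index = rank, 0 is most severe
const RAILS = ["ACH", "Wire", "SWIFT", "RTP", "Check", "Internal"];
const FRAMEWORKS = ["GLBA", "PCI-DSS", "Nacha 2026", "BSA/AML", "HIPAA", "SOX"];
const TECHNIQUE_ID = /^T\d{4}(\.\d{3})?$/; // e.g. T1566 or T1566.001
const TACTIC_ID = /^TA\d{4}$/;             // e.g. TA0001

// Returns a list of problems; an empty list means the report is well formed.
function validateReport(report) {
  const problems = [];
  const required = ["id", "name", "threatActor", "year", "totalLoss", "summary", "ttps"];
  for (const k of required) if (report[k] === undefined) problems.push(`missing field: ${k}`);
  if (!Array.isArray(report.ttps) || report.ttps.length === 0) {
    problems.push("ttps must be a non-empty array");
    return problems;
  }
  const seen = new Set();
  report.ttps.forEach((t, i) => {
    const where = `ttps[${i}]`;
    if (!TECHNIQUE_ID.test(t.id || "")) problems.push(`${where}: bad technique id ${t.id}`);
    if (!TACTIC_ID.test(t.tactic || "")) problems.push(`${where}: bad tactic id ${t.tactic}`);
    if (!SEVERITIES.includes(t.severity)) problems.push(`${where}: bad severity ${t.severity}`);
    for (const r of t.paymentRails || []) if (!RAILS.includes(r)) problems.push(`${where}: unknown rail ${r}`);
    for (const c of t.compliance || []) if (!FRAMEWORKS.includes(c)) problems.push(`${where}: unknown framework ${c}`);
    const key = `${t.id}|${t.tactic}`; // same technique may legitimately appear under two tactics
    if (seen.has(key)) problems.push(`${where}: duplicate ${key}`);
    seen.add(key);
  });
  return problems;
}

function countBy(items) {
  const counts = {};
  for (const x of items) counts[x] = (counts[x] || 0) + 1;
  return counts;
}

// Aggregates behind the Stats Strip, Kill Chain Coverage, Payment Rail
// Exposure and Regulatory Exposure panels.
function summarizeReport(report) {
  const ttps = report.ttps;
  const killChain = {};
  for (const t of ttps) {
    const cur = killChain[t.tactic];
    // each tactic takes the severity of its most severe technique
    if (cur === undefined || SEVERITIES.indexOf(t.severity) < SEVERITIES.indexOf(cur)) {
      killChain[t.tactic] = t.severity;
    }
  }
  const railCounts = countBy(ttps.flatMap((t) => t.paymentRails || []));
  const complianceCounts = countBy(ttps.flatMap((t) => t.compliance || []));
  return {
    ttpCount: ttps.length,
    criticalCount: ttps.filter((t) => t.severity === "critical").length,
    railsAtRisk: Object.keys(railCounts).length,
    frameworksImplicated: Object.keys(complianceCounts).length,
    killChain,
    railCounts,
    complianceCounts,
  };
}

// Constructed sample report (illustrative content; ids are real ATT&CK ids).
const sampleReport = {
  id: "sample-bec",
  name: "Sample BEC Wire Fraud",
  threatActor: "Unattributed",
  nation: "Criminal (unknown)",
  year: 2024,
  sector: "Banking",
  source: "constructed example",
  totalLoss: "$X per incident",
  summary: "Constructed example used to exercise the validator.",
  ttps: [
    { id: "T1566.001", name: "Spearphishing Attachment", tactic: "TA0001", severity: "high",
      paymentRails: ["Wire"], compliance: ["GLBA"] },
    { id: "T1078", name: "Valid Accounts", tactic: "TA0001", severity: "critical",
      paymentRails: ["Wire", "ACH"], compliance: ["GLBA", "SOX"] },
    { id: "T1114.003", name: "Email Forwarding Rule", tactic: "TA0009", severity: "medium",
      paymentRails: ["Wire"], compliance: ["GLBA"] },
  ],
};

console.log(validateReport(sampleReport), summarizeReport(sampleReport));
```

Run the validator over every entry in `breachReports.js` in a pre-commit hook or test so that an unknown rail name or a malformed technique id is caught before it reaches the Navigator View, where it would otherwise just fail to render a dot or a cell.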