The inherent nature of cyberspace has created an opportunity for adversaries to exploit vulnerabilities of victim states cyberinfrastructures anonymously for a myriad of reasons. States and nonstate actors can use multiple avenues and techniques to route malicious malware with relative ease and safety. Further, states can utilize nonstate actors in their efforts to achieve political goals with the ability to deny involvement in the act. This is due to both the nature of cyberspace, deficiencies in international law, and the limitations of technical attribution. Therefore, this paper explores what factors, under international law, could be considered in holding nation-states or nonstate actors accountable for malicious cyber acts. The problem/solution method is used to review the relevant deficiencies in international law, general problems associated with attribution in the cyber domain, and other variables that could produce a more comprehensive assessment of whether a particular entity should be held accountable for a cyber action. Instituting and utilizing a multi-dimensional approach to attribution can provide the information necessary to determine responsibility for malicious cyber acts and provide victim states the confidence to respond appropriately.