Attributes of Threat Actors
- The technical skill level and complexity of tools used (e.g., using pre-made scripts vs. developing zero-day exploits).
- The financial backing and infrastructure available (e.g., state-sponsored budget vs. individual hobbyist).
- The reason for the attack: financial gain, ideology, espionage, revenge, or chaos.
Advanced Persistent Threat (APT)
APTs are typically nation-state actors or well-funded groups that gain unauthorized access to a network and remain undetected for an extended period. Their goal is usually espionage, data theft, or long-term surveillance rather than immediate destruction.
- Motivation: Geopolitical advantage, intellectual property theft.
- Tactics: Zero-day exploits, supply chain attacks, "living off the land."
Organized Crime / Criminal Syndicates
Professional criminal groups driven almost exclusively by profit. They operate like businesses, with specialized roles (developers, money mules, negotiators).
- Motivation: Financial gain.
- Tactics: Ransomware-as-a-Service (RaaS), banking trojans, phishing campaigns.
Hacktivists
Individuals or groups who attack systems to promote a political agenda, social cause, or ideology. They aim to cause disruption or reputational damage.
- Motivation: Social change, political statement, revenge.
- Tactics: DDoS attacks, defacing websites, doxxing.
Insider Threats
Current or former employees, contractors, or partners who have authorized access to the organization's network. They can be malicious (intentional) or negligent (accidental).
- Motivation: Revenge, financial gain, or simple error (negligence).
- Tactics: Data exfiltration, sabotage, clicking phishing links (negligence).
Script Kiddies
Unskilled attackers who use existing scripts, tools, or exploits developed by others to cause harm. They lack the knowledge to create their own tools.
- Motivation: Notoriety, thrill-seeking, bragging rights.
- Tactics: Running automated scanners, using pre-packaged DDoS tools.