Saturday, 27 August 2022

Threat Actors

Before discussing threat actors, you first need to know what a threat is. A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. I explain threats and threat classification in another blog post.

The term “threat actor” is commonly used in cybersecurity. It refers to anyone who has the potential to impact your security. A threat actor is an entity that is partially or wholly responsible for an incident that impacts, or has the potential to impact, a country's or organization's security.

A threat actor can be a single person carrying out a security incident, as well as a group, an organization, or even a country involved in carrying out a cyberattack.

Threat actors and threat actor groups may span multiple classifications, usually depending on the targets and motives of the activity we’re considering.




Nation-state Actor:- A type of threat actor that is supported by the resources of its host country's military and security services. Like many government-supported operations, nation-state threat actor activities are often conducted to achieve political, economic, or strategic military goals. Identifying and tracking these actors can be difficult, since many of the individuals involved use common techniques across teams, operate behind robust infrastructure, and use methods to actively obfuscate their behavior. Alternatively, they may use toolsets that are rarely seen or are impossible to detect at the time of the security event, such as a zero-day exploit.

Organized Crime:- A type of threat actor that uses hacking and computer fraud for commercial gain. They target intellectual property or personal user data for theft; these criminals’ primary objective is to make money by selling stolen data.

Terrorists/Extremists:- Terrorists’ use of the internet and other telecommunications devices is growing, both in terms of reliance for supporting organizational activities and for gaining expertise to achieve operational goals. Terrorists’ objectives and computer vulnerabilities might lead to an attempted cyberattack against the critical infrastructure of a country.

Hacker/Hacktivist:- A type of threat actor that is motivated by a social issue or political cause. They often rely on readily available tools and mass participation to achieve their desired effects against a target. Hacktivists are also known to use social media and defacement tactics to affect the reputation of their targets, hoping to erode public trust and confidence in their targets.

Trusted Insider:- A type of threat actor who is assigned privileges on the system and causes an intentional or unintentional incident. Ex-employees can be classified as internal threats or treated as external threats with insider knowledge.
Insider threats can be either intentional or unintentional:
  • Intentional: A threat actor who conducts an attack with a specific purpose.
  • Unintentional: A threat actor that causes a vulnerability or exposes an attack vector without malicious intent. Shadow IT is a form of unintentional insider threat.

Thrill Seekers:- A thrill seeker is a person who attacks computer systems merely to prove himself, or in order to learn or experiment. While thrill seekers are not interested in damaging systems, they are interested in figuring out how things work and may cause surprising problems to systems and products.
