2.1

Nation State

A government-backed group with extensive resources and political motives. Typically engages in cyberespionage, sabotage, or data theft.

example: A state-sponsored group infiltrating U.S. government networks to steal secrets.

Unskilled attacker

Also called a "script kiddie," this is someone with limited technical knowledge who uses existing tools or scripts to launch attacks.

A teenager using LOIC (Low Orbit Ion Cannon) to launch a DDoS on a game server or some roblox game.

Hacktivist

An individual or group that hacks systems to promote political, social, or ideological agendas.

example:

Anonymous defacing a government website to protest surveillance policies.

Insider threat

Someone within the organization (employee, contractor, etc.) who poses a security risk—maliciously or unintentionally. Example: A disgruntled employee stealing client data before quitting.

Organized crime

Well-funded criminal groups that operate like businesses to commit cybercrimes for financial gain.

example: A ransomware gang targeting hospitals for large payouts.

Shadow IT

Unauthorized IT systems or apps used inside an organization without official approval or oversight, increasing risk.

Employees using personal Dropbox accounts to share company files.

Internal (Attribute Of actors)

The threat originates from inside the organization (employee, contractor, vendor, etc.)

Example: An employee leaking sensitive files to competitors

External (Attribute of actor)

The threat comes from outside the organization (hackers, nation-states, etc.)

Example:

A ransomware group attacking a retail company

Resources/Funding

Measures the amount of money, time, and tools an actor has access to.

Example: Nation-states have advanced funding and zero-day tools

Level of Sophistication/Capability

Refers to the actor’s technical skill, planning, and use of advanced techniques

Example:

Script kiddies = low; APTs (Advanced Persistent Threats) = high

Data Exfiltration (Motivation of Threat Actor)

Stealing data (e.g., PII, trade secrets, credentials)
Example: Hacker stealing customer credit cards info

Espionage (Motivation)

Spying on targets for political or corporate gain Example: Nation-state stealing aerospace R&D data

Service Disruption (Motivation)

Causing outages, often via DDoS attacks or malware

Example: Bringing down banking websites with DDoS

Blackmail (Motivation)

Threatening to release or destroy data unless demands are met

Example: Ransomware attackers demanding payment or leak data

Financial Gain

Primary driver of most organized crime—steal, extort, or exploit for profit

Example: Phishing campaigns to steal banking credentials

Philosophical/Political Beliefs

Actions taken to support a cause or agenda

Example: Hacktivists defacing websites to protest laws

Ethical

Ethical hackers (white hats) test systems to find weaknesses before bad actors do

Example: A pentester ethically probing a company’s systems

Revenge

Personal vendetta driving insider threats or former employees

Example: Fired employee disabling production servers

Disruption/Chaos

Causing confusion or instability, sometimes without direct gain

Example: Attacker deleting all company backups just to cause damage

War

Nation-states conducting cyber warfare or disabling critical infrastructure

Example: Cyberattacks against power grids or satellites during geopolitical conflict