Jump to content

Threat Actor

From ICANNWiki
Revision as of 14:46, 28 July 2021 by Jessica (talk | contribs)

A threat actor is anyone who has the potential to impact Cybersecurity. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a person, group of people, or even an entire country. It refers to anyone who is a key driver or participant in a malicious action targeting organizational or personal IT security.[1]

Types

Threat actors can be cybercriminals, insiders, and/or nation-states.

Classifications

UNC

An uncategorized group (UNC) refers to a cluster of cyber intrusion activity (based on observable artifacts in the form of infrastructure, tools, and practices) that cannot yet be classified as an advanced persistent threat or a financially motivated threat. Nonetheless, a UNC must have at least one key characteristic. As evidence grows, the UNC will likely graduate into a fully defined group (See FIN11[2]).

APT

Advanced persistent threats

FIN

Financially motivated threats

References

  1. What is a threat actor, Sophos
  2. The graduation of FIN11, Fireye
Retrieved from "https://icannwiki.org/index.php?title=Threat_Actor&oldid=1329365"