Threat Actor
A threat actor is anyone who has the potential to impact Cybersecurity. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a person, group of people, or even an entire country. It refers to anyone who is a key driver or participant in a malicious action targeting organizational or personal IT security.[1]
Types
Threat actors can be cybercriminals, insiders, and/or nation-states.
=State-Sponsored
Historically, state-sponsored advanced persistent threat (APT) actors have used spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security.
Russian
- Russian-sponsored cyberattacks have been able to gain access via vulnerabilities in FortiGate VPNs, Cisco routers, Oracle WebLogic Servers, Kibana software, Zimbra software, Exim Simple Mail Transfer Protocol, Pulse Secure, Citrix, Microsoft Exchange, VMWare, and F5 Big-IP
- Recent high-profile cyberattacks targeted state, local, tribal, and territorial governments and aviation networks between September and December 2020, engaged in a global Energy Sector intrusion campaign between 2011 and 2018, and disrupted Ukrainian critical infrastructure in 2015, 2016, and 2022.[2]
Classifications
UNC
An uncategorized group (UNC) refers to a cluster of cyber intrusion activity (based on observable artifacts in the form of infrastructure, tools, and practices) that cannot yet be classified as an advanced persistent threat or a financially motivated threat. Nonetheless, a UNC must have at least one key characteristic. As evidence grows, the UNC will likely graduate into a fully defined group (See FIN11[3]).
APT
Advanced persistent threats
FIN
Financially motivated threats