The table below describes the major types of threat actor groups:
- Advanced persistent threat (APT) attack groups
- Cybercriminals
- Hacktivists

| Characteristic | APT attack groups | Cybercriminals | Hacktivists |
|---|---|---|---|
| Motivation | Strategic goals (espionage, data theft, infrastructure disruption) | Financial gain | Social, political, or ideological causes |
| Sophistication | Highly advanced, custom tools | Varies, often use off-the-shelf malware | Varies, often use publicly available tools |
| Target selection | Specific, high-value organizations or sectors | Broad range of targets | Organizations perceived as unethical or opposed to their cause |
| Attack duration | Long-term, persistent presence | Generally shorter-term | Usually short-term, event-driven |
| Funding | Well-funded, often state-sponsored | Varies, self-funded to organized crime | Limited, often self-funded |
| Techniques | Advanced, zero-day exploits, custom malware | Known vulnerabilities, phishing, ransomware | Distributed denial of service (DDoS) attacks, website defacement, information leaks |
| Stealth | High emphasis on remaining undetected | Varies, may prioritize quick payouts | Often seek publicity for their actions |
| Organization | Highly organized teams | Individual to organized groups | Individual to loosely organized collectives |
| Typical targets | Government agencies, defense contractors, critical infrastructure | Businesses, individuals, financial institutions | Governments, corporations, organizations opposing their views |