The table below describes the major types of threat actor groups:
  • Advanced persistent threat (APT) attack groups
  • Cybercriminals
  • Hacktivists
| Characteristic | APT attack groups | Cybercriminals | Hacktivists |
|---|---|---|---|
| Motivation | Strategic goals (espionage, data theft, infrastructure disruption) | Financial gain | Social, political, or ideological causes |
| Sophistication | Highly advanced, custom tools | Varies, often use off-the-shelf malware | Varies, often use publicly available tools |
| Target selection | Specific, high-value organizations or sectors | Broad range of targets | Organizations perceived as unethical or opposed to their cause |
| Attack duration | Long-term, persistent presence | Generally shorter-term | Usually short-term, event-driven |
| Funding | Well-funded, often state-sponsored | Varies, self-funded to organized crime | Limited, often self-funded |
| Techniques | Advanced, zero-day exploits, custom malware | Known vulnerabilities, phishing, ransomware | Distributed denial of service (DDoS) attacks, website defacement, information leaks |
| Stealth | High emphasis on remaining undetected | Varies, may prioritize quick payouts | Often seek publicity for their actions |
| Organization | Highly organized teams | Individual to organized groups | Individual to loosely organized collectives |
| Typical targets | Government agencies, defense contractors, critical infrastructure | Businesses, individuals, financial institutions | Governments, corporations, organizations opposing their views |