Different Threat Actors - Different Objectives

There are many different types of threat actors in the cybersecurity landscape, each with their own objectives and associated campaigns. Here are a few examples:

Nation-state Actors

Nation-state actors are typically government-sponsored groups that engage in cyber espionage and cyber warfare to further their political and economic objectives.

Examples include:

APT10: A Chinese state-sponsored group that has been linked to campaigns targeting a wide range of industries, including healthcare, aviation, and technology.

https://attack.mitre.org/groups/G0045/

APT29: A Russian state-sponsored group that has been linked to campaigns targeting governments, think tanks, and military organizations.

https://attack.mitre.org/groups/G0016/

Lazarus Group: A North Korean state-sponsored group that has been linked to campaigns targeting financial institutions, critical infrastructure, and media organizations.

https://attack.mitre.org/groups/G0032/

Cybercriminals

Cybercriminals are individuals or groups who engage in cyberattacks for financial gain. Examples include:

Magecart: A group that specializes in stealing credit card information from online shopping sites by injecting malicious code into e-commerce websites.

https://attack.mitre.org/groups/G0037/

Ransomware Gangs: Groups that use ransomware to encrypt the files of victims and demand payment in exchange for the decryption key. Examples include REvil, DarkSide, and Ryuk.

https://attack.mitre.org/software/S0496/

https://attack.mitre.org/software/S0446/

https://attack.mitre.org/software/S1040/

Business Email Compromise (BEC) Scammers: Groups that use social engineering and spear-phishing techniques to trick businesses into transferring money to fraudulent bank accounts.

Hacktivists

Hacktivists are individuals or groups who engage in cyberattacks to promote a political or social cause. Examples include:

Anonymous: A loosely organized group that has been involved in campaigns targeting governments, corporations, and individuals who are seen as promoting censorship or injustice.

Syrian Electronic Army (SEA): A group that has been linked to campaigns supporting the government of Syrian President Bashar al-Assad, including attacks on news organizations and social media accounts.

Hackers for Hire

These are individuals or groups who are paid to conduct cyberattacks on behalf of others, usually with the aim of gaining access to sensitive information or disrupting the operations of a target.

Examples include:

NSO Group: An Israel-based company that produces surveillance software used by government agencies and other clients to monitor the activities of individuals, including journalists and human rights activists.

https://attack.mitre.org/software/S0316/

https://attack.mitre.org/software/S0289/

Dark Basin: A hacking group that has been linked to campaigns targeting government officials, journalists, and human rights activists on behalf of private clients.

https://en.wikipedia.org/wiki/Dark_Basin

Insider Threats

These are individuals within an organization who have access to sensitive information and use it for their own personal gain or to cause harm to the organization. Examples include:

Edward Snowden: A former contractor for the US National Security Agency (NSA) who leaked classified information to the media in 2013.

Chelsea Manning: A former US Army soldier who leaked classified military and diplomatic documents to WikiLeaks in 2010.

State-Sponsored Cybercriminals

These are individuals or groups who engage in cyberattacks on behalf of a nation-state, but are not part of the official government or military.

Examples include:

Shadow Brokers: A group that has been linked to campaigns targeting government agencies and defense contractors, and is suspected to have ties to Russian intelligence agencies.

https://en.wikipedia.org/wiki/The_Shadow_Brokers

Equation Group: A group that has been linked to campaigns targeting governments, military organizations, and financial institutions, and is suspected to have ties to the US National Security Agency (NSA).

https://en.wikipedia.org/wiki/Equation_Group

Cyberterrorists

These are individuals or groups who engage in cyberattacks with the aim of causing harm or disrupting critical infrastructure.

Examples include:

Islamic State Hacking Division: A group that has been linked to campaigns targeting social media accounts and websites, and has called for attacks on critical infrastructure, such as power grids and transportation systems.

Cyber Caliphate: A group that has been linked to campaigns targeting government agencies, media organizations, and military targets, and has claimed allegiance to the Islamic State.

These are just a few examples of the types of threat actors and campaigns that exist in the cybersecurity landscape. It is important for individuals and organizations to stay informed about new threats and to adopt proactive measures to mitigate the risk of cyberattacks.
