In the general media, hackers or cybercriminals are often referred to as perpetrators. However, that is too general. The European Union Agency for Cyber Security (ENISA) defines five actors.

1. State-nexus Threat Groups:

These groups act on behalf of a state. In this context, they are often referred to as advanced persistent threats or APTs. They are usually well-funded, well-equipped, and well-trained. Their main objectives are espionage and revenue generation. Sometimes, they are directed by their country’s military, intelligence, or state control apparatus.

State-sponsored gangs often spend a lot of time researching their targets to identify vulnerabilities and entry points. Although the techniques they use are not always new, their motivation and planning enable them to conduct large-scale, sophisticated, targeted, and long-term sustained operations. ‘State-nexus threat groups do not only target other states. They may target other organizations for their sensitive data. Or they may conduct operations to generate funds for their country,’ the ENISA researchers argue.

2. Cybercriminals:

For this group, financial gain is paramount. Their attacks are, therefore, often opportunistic and random. They target the data or infrastructure that has the greatest impact on their victims’ activities. They may steal directly from victims, extort their victims, or monetize the stolen information. Cybercriminals often make use of social engineering. ‘In recent years, cybercriminals have become much more professional and collaborative, making them a factor to be reckoned with,’ the researchers said.

3. Hackers-for-hire:

Hackers-for-hire work on behalf of cybercriminals and also provide services to state-nexus threat groups. These actors often also lower the threshold for accessing the criminal market, for example, by offering ransomware-as-a-service (RaaS). They also play a key role in the market that thrives on selling access to environments (so-called initial access brokers or IABs), either because the threat actor has been instructed to do so or for opportunistic reasons. This group is a major contributor to the professionalization and ‘business model’ of the cybercrime market.

4. Hacktivists:

Hacktivists often have fewer resources than the above three. But they tend to be highly motivated. Their goals are generally disruptive: they hack to bring about some form of political or social change. ‘Hacktivist groups are very diverse and vary widely in their skills and capabilities,’ says ENISA. Moreover, they are also sometimes used by state interest groups for information manipulation and interference operations, among other things.

5. Insiders:

Insiders remain the most efficient way for the above-mentioned actors to gain access to an organization’s internal processes. As such, they sometimes contribute (consciously or unconsciously) to the initial access to a victim’s environment.

This article previously appeared in the Cybersec Europe e-Magazine #3.