Difference between revisions of "Threat Actor"
(Created page with "A '''threat actor''' is anyone who has the potential to impact Cybersecurity. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a p...") |
|||
| Line 1: | Line 1: | ||
| − | A '''threat actor''' is anyone who has the potential to impact [[Cybersecurity]]. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a person, group of people, or even an entire country. It refers to anyone who is a key driver or participant in a malicious action targeting organizational or personal IT security.<ref>[https://home.sophos.com/en-us/security-news/2021/what-is-a-threat-actor.aspx What is a threat actor, Sophos]</ref> | + | A '''threat actor''' is anyone who has the potential to impact [[Cybersecurity]]. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a person, group of people, or even an entire country. It refers to anyone who is a key driver or participant in a malicious action targeting organizational or personal IT security.<ref>[https://home.sophos.com/en-us/security-news/2021/what-is-a-threat-actor.aspx What is a threat actor, Sophos]</ref> |
| + | |||
==Types== | ==Types== | ||
| + | Threat actors can be cybercriminals, insiders, and/or nation-states. | ||
| + | |||
| + | ==Classifications== | ||
===UNC=== | ===UNC=== | ||
| + | An uncategorized group (UNC) refers to a cluster of cyber intrusion activity (based on observable artifacts in the form of infrastructure, tools, and practices) that cannot yet be classified as an advanced persistent threat or a financially motivated threat. Nonetheless, a UNC must have at least one key characteristic. As evidence grows, the UNC will likely graduate into a fully defined group (See FIN11<ref>[https://vision.fireeye.com/editions/09/09-threats-in-focus.html The graduation of FIN11, Fireye]</ref>). | ||
===APT=== | ===APT=== | ||
| + | Advanced persistent threats | ||
===FIN=== | ===FIN=== | ||
| + | Financially motivated threats | ||
| + | |||
==References== | ==References== | ||
Revision as of 14:46, 28 July 2021
A threat actor is anyone who has the potential to impact Cybersecurity. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a person, group of people, or even an entire country. It refers to anyone who is a key driver or participant in a malicious action targeting organizational or personal IT security.[1]
Types
Threat actors can be cybercriminals, insiders, and/or nation-states.
Classifications
UNC
An uncategorized group (UNC) refers to a cluster of cyber intrusion activity (based on observable artifacts in the form of infrastructure, tools, and practices) that cannot yet be classified as an advanced persistent threat or a financially motivated threat. Nonetheless, a UNC must have at least one key characteristic. As evidence grows, the UNC will likely graduate into a fully defined group (See FIN11[2]).
APT
Advanced persistent threats
FIN
Financially motivated threats