Threat Actor
A threat actor is anyone who has the potential to impact Cybersecurity. The phrase ‘threat actor’ is commonly used in cybersecurity. The threat actor can be a person, group of people, or even an entire country. It refers to anyone who is a key driver or participant in a malicious action targeting organizational or personal IT security.[1]
Types
Threat actors can be cybercriminals, insiders, and/or nation-states.
Classifications
UNC
An uncategorized group (UNC) refers to a cluster of cyber intrusion activity (based on observable artifacts in the form of infrastructure, tools, and practices) that cannot yet be classified as an advanced persistent threat or a financially motivated threat. Nonetheless, a UNC must have at least one key characteristic. As evidence grows, the UNC will likely graduate into a fully defined group (See FIN11[2]).
APT
Advanced persistent threats
FIN
Financially motivated threats