Threat Actor and Attack Vectors 29102024


10/29/24, 1:13 AM ChatGPT

Threat Actors (25 Types)

1. Script Kiddies
Description: Inexperienced individuals who use readily available tools or scripts to carry out attacks with little technical expertise.
Characteristics:
Depend on pre-built software and have minimal hacking knowledge.
Motivated by boredom, curiosity, or to earn credibility among peers.
Tend to target low-security systems, websites, or small businesses.
Example: A script kiddie launches a DDoS attack on a personal blog, using a free tool they downloaded online.

2. Hacktivists
Description: Ideologically driven attackers who use cyber tools to advance a social, political, or religious cause.
Characteristics:
Motivated by a sense of justice or to expose perceived wrongdoing.
Frequently utilize tactics such as website defacement, DDoS, and data exposure.
Often belong to organized groups like Anonymous or operate individually.
Example: A hacktivist group defaces a government website to display messages opposing environmental policies.

3. Cyber Criminals
Description: Profit-driven attackers engaging in activities like ransomware, credit card fraud, and identity theft.
Characteristics:
Skilled in techniques like phishing, malware distribution, and credential theft.
Often part of organized crime networks operating internationally.
Sell stolen data on the dark web or use it for extortion.
Example: A cyber criminal uses phishing emails to steal banking credentials and later sells them on a dark web marketplace.

4. Insiders
Description: Employees, contractors, or partners who misuse legitimate access to cause harm or expose sensitive data.
Characteristics:
Have authorized access to critical systems.
Often motivated by grievances, coercion, or negligence.
Hard to detect due to legitimate credentials and inside knowledge.
Example: A disgruntled employee shares proprietary information with competitors as an act of revenge after being denied a promotion.

5. Nation-State Actors
Description: Government-sponsored attackers focusing on espionage, political gain, or military advantage.
Characteristics:
Backed by significant resources and skilled in complex cyber operations.
Use sophisticated techniques, often engaging in long-term infiltration.
Aim to gather intelligence, destabilize rivals, or conduct political espionage.
Example: A nation-state actor deploys custom-built malware to infiltrate government networks in a rival country, gathering intelligence over a year.

6. Hackers-for-Hire (Cyber Mercenaries)
Description: Attackers contracted to perform targeted cyber operations, often for corporate or personal gains.
Characteristics:
Skilled in various attack techniques, from malware deployment to social engineering.
Hired by organizations or individuals for cyber sabotage, espionage, or infiltration.
Motivated by financial reward rather than ideology.
Example: A competitor hires hackers-for-hire to disrupt a rival’s online services, causing reputational and financial harm.

7. Cyber Terrorists
Description: Ideologically motivated attackers targeting critical infrastructure to cause fear, disruption, or harm.
Characteristics:
Use high-impact attacks like ransomware, DDoS, or destructive malware.
Target sectors like healthcare, finance, and energy to maximize disruption.
Aim to create panic and instill fear in the general population.
Example: Cyber terrorists deploy ransomware on a major city’s power grid, threatening blackouts unless their demands are met.

8. Corporate Espionage Agents
Description: Attackers involved in gathering confidential information to give a competitive edge to a rival company.
Characteristics:
Motivated by financial incentives or competitive advantage.
Use insiders, phishing, or direct hacking to gather intelligence.
Often work covertly to avoid direct association with the hiring company.
Example: An agent infiltrates a competitor’s R&D department, obtaining blueprints of a soon-to-be-released product.

9. Organized Crime Syndicates
Description: Structured groups engaging in large-scale cybercrime, often focusing on ransomware, fraud, and extortion.
Characteristics:
Often have complex hierarchies and international reach.
Utilize tactics like phishing, ransomware, and credential theft.
Skilled in laundering proceeds through cryptocurrencies or shell companies.
Example: A syndicate conducts a ransomware campaign against healthcare providers, demanding cryptocurrency in exchange for data decryption keys.

10. Lone Wolf Hackers
Description: Independent hackers with advanced skills, motivated by curiosity, personal grievances, or financial reward.
Characteristics:
Self-taught and highly adaptable in hacking methods.
Often focus on specific systems or organizations that align with personal interests.
Tend to work alone, creating their own custom malware or tools.
Example: A lone wolf hacker creates ransomware targeting small businesses and demands payment in cryptocurrency to unlock their files.

11. Financially Motivated Actors (Cyber Extortionists)
Description: Attackers focused on extortion through techniques like ransomware, often targeting high-value assets.
Characteristics:
Driven by profit; usually demand cryptocurrency for anonymity.
Threaten to release sensitive data or keep it encrypted unless paid.
Often target industries with valuable data, like healthcare or finance.
Example: A cyber extortionist encrypts a hospital’s patient database, demanding a $500,000 ransom for the decryption key.

12. Competitors
Description: Companies or individuals engaging in corporate espionage to gain competitive advantage.
Characteristics:
Often use third-party agents to avoid direct association.
Target trade secrets, intellectual property, or business plans.
Motives include disrupting a rival’s operations or gaining insights into product launches.
Example: A competitor hires a hacker to infiltrate another company’s email servers and intercept confidential pricing discussions.

13. Bot Masters (Botnet Operators)
Description: Individuals who control networks of compromised devices (botnets) to conduct cyber operations.
Characteristics:
Command thousands or millions of infected devices.
Use botnets for DDoS attacks, spam distribution, or cryptomining.
Often rent botnets to other criminals as a paid service.
Example: A bot master launches a massive DDoS attack using a botnet of IoT devices, overwhelming an e-commerce website during peak hours.

14. Insider Threats (Unintentional)
Description: Employees or contractors who accidentally expose systems to risks due to lack of awareness or negligence.
Characteristics:
Usually not malicious, but their actions can lead to severe data breaches.
Vulnerable to phishing and social engineering attacks.
Commonly download or open attachments from unknown sources.
Example: An employee accidentally sends sensitive customer information to an external contact, leading to a data leak.

15. Social Media Trolls
Description: Individuals or groups using social media to harass, spread misinformation, or manipulate public opinion.
Characteristics:
Use fake accounts, bots, or paid followers to amplify reach.
Often motivated by political, ideological, or personal beliefs.
Frequently target influencers, public figures, or brands.
Example: A troll group spreads false rumors about a company’s product recall on social media, causing public distrust.

16. Cyber Stalkers
Description: Attackers who use cyber tools to monitor, harass, or intimidate specific individuals.
Characteristics:
Often motivated by personal reasons, such as revenge or control.
Utilize GPS tracking, spyware, and social media monitoring.
Can cause psychological distress or physical threats to targets.
Example: A cyberstalker installs spyware on a victim’s device to monitor their messages, location, and online activities.

17. Political Operatives
Description: Individuals or groups that manipulate information, spread propaganda, or sabotage opponents’ campaigns for political gain.
Characteristics:
Utilize hacking, misinformation, and social engineering.
Motivated by political objectives or influence.
Commonly target election periods to sway public opinion.
Example: A political operative hacks into a rival candidate’s website, posting fabricated negative content.

https://chatgpt.com/c/67207c77-43b0-8008-ae49- 6/
c249e4577499 19
10/29/24, 1:13 AM ChatGPT

18. Dark Web Vendors
Description: Individuals or groups selling illegal goods and services on dark web marketplaces, including stolen data, malware, and exploit kits.
Characteristics:
Operate anonymously, often using cryptocurrencies.
Sell items such as login credentials, malware kits, and counterfeit documents.
Serve a wide range of buyers, from criminals to hackers.
Example: A vendor sells credit card data on a dark web marketplace, allowing buyers to make fraudulent purchases.

19. Revenge Seekers
Description: Attackers motivated by personal grievances, targeting individuals or organizations as a form of retaliation.
Characteristics:
Driven by emotions such as anger or revenge.
Commonly target former employers, partners, or competitors.
Use tactics like data leaks, harassment, or website defacement.
Example: An ex-employee leaks confidential project files from their former employer to damage the company’s reputation.

20. Fraudsters
Description: Criminals engaging in financial scams like phishing, fake websites, and payment fraud.
Characteristics:
Skilled in impersonation and social engineering.
Commonly target individuals, small businesses, and vulnerable populations.
Use scams like fake shopping websites, tech support fraud, and loan scams.
Example: A fraudster creates a fake shopping site to trick customers into paying for products that don’t exist.

21. Ethical Hackers (Penetration Testers)
Description: Security experts authorized to identify system vulnerabilities through legal hacking.
Characteristics:
Operate under legal and ethical guidelines.
Use the same tools as malicious hackers but with permission.
Help organizations improve security defenses.
Example: A penetration tester simulates a phishing attack to test employees’ response and security awareness.

22. Whistleblowers
Description: Insiders exposing unethical or illegal practices within an organization, often gathering evidence through digital means.
Characteristics:
Motivated by ethical considerations or a sense of justice.
May face retaliation for exposing internal issues.
Often leak information to the media or regulatory bodies.
Example: A whistleblower releases internal emails showing environmental violations by a corporation.

23. Professional Cyber Espionage Agents
Description: Skilled hackers hired by corporations or governments to infiltrate and gather intelligence.
Characteristics:
Technically proficient in stealth and data exfiltration.
Target sensitive data like trade secrets or political information.
Operate covertly, aiming to remain undetected.
Example: An agent infiltrates a competitor’s network to gather data on proprietary research.

24. Data Brokers
Description: Individuals or firms collecting and selling personal data, often obtained through breaches or scraping.
Characteristics:
Collect large datasets on individuals, including demographics and online behavior.
Sell information to marketers, governments, and private clients.
Operate legally but can sometimes use questionable methods.
Example: A data broker sells social media data to an advertising firm to help target specific audiences.

25. Tech-Savvy Criminals
Description: Criminals with moderate skills who exploit vulnerabilities for quick profit, often through scams and fake websites.
Characteristics:
Skilled in basic hacking techniques and social engineering.
Often target non-technical individuals or small businesses.
Use scams such as fake tech support services and phishing.
Example: A tech-savvy criminal sets up a fake “tech support” line, charging users for fake services.

Attack Vectors (25 Types)

1. Phishing
Description: A social engineering attack designed to deceive individuals into revealing sensitive information through deceptive emails, texts, or websites.
Characteristics:
Often uses fake emails mimicking trusted entities.
Targets individuals and businesses alike.
Often leads to credential theft or malware installation.
Example: A phishing email from a “bank” prompts users to enter login credentials on a fake website, leading to account takeover.

2. Malware
Description: Malicious software such as viruses, worms, and ransomware designed to disrupt, damage, or gain unauthorized access to systems.
Characteristics:
Includes a variety of malicious code types.
Often hidden in attachments, downloads, or software updates.
Can steal data, disrupt systems, or demand ransom.
Example: Ransomware encrypts a company's files and demands payment in exchange for a decryption key.

3. Social Engineering
Description: Manipulating individuals into divulging confidential information or taking actions that compromise security.
Characteristics:
Exploits human psychology.
Often involves impersonation or fabricated scenarios.
Common in phishing and vishing attacks.
Example: Pretending to be an IT technician to obtain an employee’s login credentials over the phone.

4. Brute Force Attack
Description: Repeatedly guessing passwords or keys until the correct one is found, typically using automated tools.
Characteristics:
Effective against weak passwords.
Often targets user accounts, encrypted files, or login pages.
Time-consuming but can yield significant access if successful.
Example: Using a password-cracking tool to repeatedly try common passwords on a user’s account.

5. Man-in-the-Middle (MitM) Attack
Description: Intercepting communications between two parties to eavesdrop, alter messages, or steal data.
Characteristics:
Exploits weaknesses in network security.
Often conducted on public Wi-Fi or unencrypted networks.
Used to steal credentials, hijack sessions, or spy on communications.
Example: Intercepting a user’s credentials over an unencrypted Wi-Fi network at a café.

6. Zero-Day Exploit
Description: Exploiting previously unknown vulnerabilities in software, before the developer has released a fix.
Characteristics:
Highly dangerous due to lack of available defenses.
Often sold on the dark web or used by nation-state actors.
Difficult to detect, as no patch exists.
Example: Attacking a flaw in a popular software application before a security patch is issued.

7. DoS/DDoS Attacks
Description: Overwhelming a system, server, or network with excessive traffic, rendering it inaccessible to legitimate users.
Characteristics:
DDoS attacks are amplified by botnets.
Often used to disrupt services during high-traffic periods.
Can cause financial loss and reputational damage.
Example: A botnet floods a retail website with traffic on Black Friday, crashing the site during peak hours.

8. SQL Injection
Description: Injecting malicious SQL code into web forms to manipulate or access a database.
Characteristics:
Targets vulnerable web applications.
Can expose or alter sensitive information in a database.
Common in login pages and search bars.
Example: Injecting SQL commands to bypass login authentication and gain access to restricted user data.

9. Credential Stuffing
Description: Using breached usernames and passwords to access accounts on other platforms, exploiting password reuse.
Characteristics:
Often automated, making it fast and scalable.
Relies on individuals reusing passwords across sites.
Can lead to account takeover and identity theft.
Example: Attempting to log into multiple accounts using passwords from a previous data breach.

10. Supply Chain Attack
Description: Targeting third-party vendors or software updates to indirectly infiltrate an organization.
Characteristics:
Exploits trusted vendor relationships.
Often difficult to detect, as it appears to come from legitimate sources.
Impacts multiple entities connected to the supply chain.
Example: Compromising a vendor’s software update, which is then installed by thousands of end-users.

11. Drive-By Download
Description: Malware that is automatically downloaded when a user visits a compromised website, often without user action.
Characteristics:
Exploits browser or plugin vulnerabilities.
Commonly used to spread ransomware and spyware.
Difficult to detect, as it doesn’t require user interaction.
Example: A user visits an infected website and unknowingly downloads malware that captures their keystrokes.

12. Cross-Site Scripting (XSS)
Description: Injecting malicious scripts into trusted websites to steal data or manipulate user interactions.
Characteristics:
Targets user input fields on websites.
Can steal session cookies, hijack user accounts, or redirect users.
Often used in session hijacking and data theft.
Example: An attacker injects a script on a forum that captures session cookies from other users, allowing account hijacking.

13. Insider Threat
Description: Internal individuals misusing authorized access, either intentionally or accidentally, compromising data or operations.
Characteristics:
Difficult to detect as they use legitimate access.
Often motivated by grievances, financial gain, or negligence.
Highly dangerous due to insider knowledge and access level.
Example: An employee with access to financial records sells proprietary information to competitors.

14. Watering Hole Attack
Description: Compromising websites frequently visited by a target organization, infecting them to distribute malware.
Characteristics:
Targets specific industries or groups.
Exploits the trust users have in commonly visited sites.
Effective in targeting high-value individuals or organizations.
Example: Infecting a government research website visited by a defense contractor, resulting in malware installation on contractor systems.

15. Password Spraying
Description: Attempting a single common password across many accounts to avoid detection and increase success.
Characteristics:
Often bypasses account lockout measures.
Targets accounts with weak, commonly used passwords.
Used to gain access to numerous accounts without alerting security systems.
Example: Testing “Welcome123” on hundreds of email accounts within an organization.
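Added example (not part of the original page) for the brute force (item 4) and password spraying (item 15) vectors: a small detector run over constructed authentication log lines, using the two signatures described above, "one account, many failures" versus "many accounts, one or two failures each", the latter being what lets a spray stay under per-account lockout. The log format, IP addresses, usernames and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumed values; tune them to the environment's lockout policy.
# A spray stays below the per-account lockout count, so its signature is
# "many accounts, very few failures each", not "one account, many failures".
WINDOW = timedelta(minutes=10)
BRUTE_FORCE_MIN_FAILS = 10   # failures against ONE account from one source
SPRAY_MIN_USERS = 6          # distinct accounts failed from one source ...
SPRAY_MAX_PER_USER = 2       # ... with at most this many failures per account

# Constructed sample events, "<ISO timestamp> <source IP> <username> <FAIL|OK>".
SAMPLE_LOG = (
    # 203.0.113.7 hammers a single account: brute force
    [f"2024-10-29T01:00:{i:02d} 203.0.113.7 alice FAIL" for i in range(12)]
    # 198.51.100.9 tries one guess per account across the org: password spray
    + [f"2024-10-29T01:05:{i:02d} 198.51.100.9 {u} FAIL"
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank", "grace"])]
    # 192.0.2.5 mistypes once, then logs in: benign
    + ["2024-10-29T01:07:00 192.0.2.5 bob FAIL", "2024-10-29T01:07:05 192.0.2.5 bob OK"]
)


def parse_line(line):
    """Split one log line into (timestamp, source_ip, username, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def detect(lines):
    """Return sorted (source_ip, label) pairs for sources whose failures within
    any WINDOW match the brute-force or password-spray signature."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)   # source_ip -> failures (ts, user) inside WINDOW
    alerts = set()
    for ts, src, user, result in events:
        if result != "FAIL":
            continue              # only failed attempts feed the signatures
        window = recent[src]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW:
            window.popleft()      # age out failures older than WINDOW
        per_user = defaultdict(int)
        for _, u in window:
            per_user[u] += 1
        worst = max(per_user.values())
        if worst >= BRUTE_FORCE_MIN_FAILS:
            alerts.add((src, "brute_force"))
        if len(per_user) >= SPRAY_MIN_USERS and worst <= SPRAY_MAX_PER_USER:
            alerts.add((src, "password_spray"))
    return sorted(alerts)


if __name__ == "__main__":
    for src, label in detect(SAMPLE_LOG):
        print(f"{label:15s} from {src}")
```

Keying the spray rule on distinct accounts per source rather than failures per account is what makes it fire even though no single account ever reaches the lockout threshold; a spray spread over many source addresses needs the same count taken per subnet or per user-agent instead.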

16. Email Spoofing
Description: Forging email headers to impersonate trusted entities, often used in phishing schemes.
Characteristics:
Can easily deceive users into believing it’s from a legitimate source.
Often used to prompt urgent actions, like wire transfers or login prompts.
Common in business email compromise (BEC) attacks.
Example: An email appearing to be from the CEO instructs finance staff to make an urgent wire transfer to a foreign account.

17. DNS Poisoning (DNS Spoofing)
Description: Corrupting DNS records to redirect traffic to malicious websites.
Characteristics:
Exploits vulnerabilities in DNS to misdirect users.
Can steal login credentials or spread malware.
Often difficult for users to detect the redirection.
Example: Redirecting a bank’s URL to a fake website to steal users’ login credentials.

18. Typosquatting
Description: Registering domain names similar to popular sites to trick users into visiting malicious sites.
Characteristics:
Exploits common typos or misspellings of popular websites.
Often used for phishing or ad fraud.
Targets users typing URLs manually or through deceptive ads.
Example: Redirecting visitors of “gooogle.com” to a phishing page resembling Google’s login.

19. Eavesdropping Attack
Description: Intercepting network communications to gather sensitive information.
Characteristics:
Exploits unencrypted traffic or weak network security.
Common in public Wi-Fi or unsecured networks.
Often used to steal login credentials or session cookies.
Example: Using packet-sniffing tools on an open Wi-Fi network to capture user data.

20. Privilege Escalation
Description: Exploiting system vulnerabilities to gain higher-level permissions, accessing restricted resources.
Characteristics:
Targets flaws that allow unauthorized access elevation.
Can be used to obtain administrative control over a system.
Often leads to more significant data theft or system control.
Example: Exploiting a vulnerability to gain root access to a restricted database server.

21. Rogue Software (Scareware)
Description: Fake software designed to scare users into installing malware or paying for unnecessary services.
Characteristics:
Often mimics legitimate antivirus or repair tools.
Generates fake warnings to prompt payment or downloads.
Common in tech support scams.
Example: A pop-up claims “Your system is infected!” and prompts users to purchase fake antivirus software.

22. Clickjacking
Description: Tricking users into clicking on hidden or disguised elements within a webpage.
Characteristics:
Often overlays hidden actions on legitimate buttons.
Used to gain unauthorized control or redirect users.
Commonly exploits social media and “like” buttons.
Example: A hidden “Share” button placed over a “Play” button causes users to unknowingly share a link.

23. Malvertising
Description: Embedding malicious code in online ads displayed on legitimate websites, leading to harmful sites.
Characteristics:
Targets high-traffic sites and ad networks.
Redirects users to malware-laden sites or fake downloads.
Effective in reaching a broad audience quickly.
Example: An ad displayed on a popular news site redirects users to a phishing site.

24. Remote Code Execution (RCE)
Description: Executing unauthorized code on a target system by exploiting software vulnerabilities.
Characteristics:
Targets poorly secured or outdated software.
Allows attackers to install malware or control systems remotely.
Common in attacks on vulnerable web applications.
Example: Using an RCE exploit to install spyware on a user’s computer, granting access to files and communications.

25. IoT Attacks
Description: Compromising connected devices, such as smart cameras or thermostats, to use them in larger attacks.
Characteristics:
Often targets devices with weak or default security settings.
Used to form botnets for DDoS attacks or to spy on users.
Difficult to monitor due to limited device security features.
Example: Hacking IoT cameras to create a botnet, later used in a DDoS attack against a major website.
