Threat Actor Types and Attributes Flash Cards

Types of Attack Actors

Script Kiddies

In programming and hacking cultures, a script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites, such as a web shell. -Wikipedia


In Internet activism hacktivism or hactivism is the use of technology to promote a political agenda or a social change -Wikipedia

Organized Crime

Organized crime is a category of transnational, national, or local groupings of highly centralized enterprises run by criminals to engage in illegal activity, most commonly for profit. Some criminal organizations, such as terrorist groups, are politically motivated. -Wikipedia

Nation States

A nation state is a state in which a great majority shares the same culture and is conscious of it.


An advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. -Wikipedia


Any person with authorized access to any U.S. Government resource, to include personnel, facilities, information, equipment, networks, or systems. -NIST


An organization or country engaged in commercial or economic competition with others. -Google


Internal threat actors are those trusted insiders that have permission to be on the organizations network and information systems. These users have authorized access to information and systems.


External threat actors come from outside the organization and do not have authorized access to the organizations information systems, data, or physical resources and spaces

Level of Sophistication

The level of sophistication is an important factor in the determination of the risk of a threat actor. Highly sophisticated threat actors are more likely to be successful if an attack is launched. Less sophisticated attackers have a lower probability of an attack being successful should it be launched.


Resources and funding determines how well a threat actor is able to support the attack monetarily or with the needed equipment and software.


Motivation is an important factor in a successful attack against an organization. Highly motivated threat actors are more likely to actually launch an attack against an organization while less motivated actors may prepare but never launch the attack. The intent or motivation of an actor may be tied to the political, ideological or personal goals of the attacker.

Open-Source Intelligence

Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context -Wikipedia