Home > Fundamentals

Threat Actors (Hackers, Script Kiddies, Hacktivists, Nation-States)

The cyber threat landscape is the different kinds of people and methods that try to harm computers, data, or networks. Knowing who they are and how they attack helps us defend better.

1. Cybercriminals (money-motivated)

People or groups who hack to steal money or sell data.
What they do:

  • Ransomware: lock files and demand money.

  • Theft: steal data, credit cards, or login details.

  • Scams: fake invoices, fraud, Business Email Compromise (BEC).

  • Many run like businesses (e.g., Ransomware-as-a-Service).

2. Script Kiddies (beginners)

Amateur hackers who use ready-made tools and scripts.
Key points:

  • They don’t write their own exploits.

  • Motivated by fun, attention, or revenge.

  • Can cause trouble: DDoS, malware spread, website defacement.

3. Hacktivists (political/ideological)

Hackers who attack for a cause (political, social, environmental).
They may:

  • Take down websites (DDoS).

  • Leak data to expose wrongdoing.

  • Deface sites with messages or doxing.

  • Sometimes cooperate with others or use tools that look criminal.

4. Nation-State Actors (state-sponsored)

Government-backed teams with lots of money and time.
They aim to:

  • Spy (steal secrets).

  • Sabotage critical systems (energy, transport, healthcare).

  • Influence politics or steal technology.
    They use very advanced, patient methods and sometimes AI.

5. Insider Threats (from inside the organization)

People inside a company who cause harm, intentionally or by accident.
Types:

  • Malicious insiders who steal or sabotage.

  • Colluders who work with outside criminals.

  • Accidental insiders who make mistakes (like falling for phishing).
    Insider risk rises during layoffs or big changes.

Common attack paths (attack vectors)

Email-based

  • Phishing: trick people into clicking links or giving passwords.
    Stages: research → build trust → exploit → execute.

  • BEC (Business Email Compromise): fake exec emails to steal money.

  • VEC (Vendor Email Compromise): fake supplier invoices.

Social engineering (attacking people)

  • Spear phishing: highly targeted phishing.

  • Pretexting: fake stories to get info.

  • Baiting: leaving infected USBs or fake offers.

  • Vishing/Smishing: phone or SMS scams.
    (Humans are the weakest link — many attacks use emotions like fear or greed.)

Web-based attacks

  • XSS (Cross-site scripting): run bad code in a user’s browser.

  • SQL Injection: trick a site to reveal its database.

  • Keyloggers: record keystrokes to steal passwords.

  • SSRF: make a server request internal systems it shouldn’t access.
    Use Web Application Firewalls (WAFs) to help block these.

Supply chain attacks

  • Hack software or hardware before it reaches users.

  • Compromising a trusted supplier can affect many targets downstream.

Quick takeaway

  • There are different attackers: criminals (for money), beginners, activists, state actors, and insiders.

  • Attacks often start with people (phishing/social engineering) or trusted software/services (supply chain).

  • Defenses include training people, using security tools (WAF, email filters), monitoring insiders, and keeping software updated.

HOME LEARN COMMUNITY DASHBOARD