My Games
Account 🔐
Sign Up
Login
Global Leaderboard
Case Vault
Badge Backpack
Blue Team Glossary
Login and start playing
Leaving so soon?
×
You really want to log out? We were having so much fun!
Home
›
Glossary
›
Threat Actor
Threat Actor
Definition
A threat actor is a person or group that intentionally carries out harmful activity in cyberspace. Their actions are driven by a purpose such as financial gain, espionage, political influence, sabotage, or personal challenge. Threat actors operate at many different skill levels. Some use widely available tools with little understanding. Others are highly organized teams with funding, infrastructure, and long-term objectives. Threat actors are often grouped by their motivations: * Cybercriminals seek money through ransomware, data theft, account fraud, or selling access to compromised systems. * Nation-state actors work on behalf of a government to gather intelligence, steal technology, or disrupt services in another country. * Hacktivists target organizations to make a political or social statement. * Insider threats involve employees or contractors misusing their legitimate access. * Terrorist organizations may target infrastructure to cause fear or disruption. Threat actors rarely use their real names. Instead, cybersecurity companies assign names to track activity over time. These names help analysts recognize patterns in how a specific actor operates, even when they change tools or infrastructure. Different companies have their own naming systems and may not coordinate with each other, so the same threat actor can have multiple names. For example: * One company may name groups after animals * Another may use geographic themes or weather patterns * Government organizations may use numeric identifiers The variation happens because companies discover, analyze, and publish their research independently. They may not always know which activity another company already attributed to a particular actor. Over time, the community compares intelligence and may link multiple names back to the same underlying group. Understanding threat actors helps defenders predict likely targets, methods, and goals. When analysts can identify which group is responsible, they can use past behavior to guide investigation, defense, and response decisions.
Explore More Terms
Ip-Address
Investigation
Hack-And-Leak
Phishing-Campaign
Process_commandline
.png)
