Threat actor
Definition
An individual or group responsible for a security incident or malicious campaign. Threat actors are categorised by motivation (financial, espionage, hacktivism, destruction) and by sophistication. Nation-state actors, organised criminal groups, and opportunistic script kiddies each present different risk profiles and require different responses.
Related terms
- Advanced Persistent Threat (APT): A category of attacker, typically nation-state or state-sponsored, characterised by high technical capability, long dwell times, specific targets, and disciplined operational security...
- CSIRT (Computer Security Incident Response Team): A dedicated team responsible for coordinating the response to confirmed security incidents. The CSIRT manages containment, forensic investigation, communication to stakeholders, and...
- Escalation Path: The predefined chain of notification and decision-making authority that an incident follows as its severity increases. Documented in the IR plan before...
- Indicator of Compromise (IoC): An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- Insider threat: An incident originating from a person with legitimate access to an organisation's systems, whether through malicious intent (data theft, sabotage) or negligence...
- MITRE ATT&CK: A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
- SOC (Security Operations Centre): A function providing continuous monitoring, alert triage, and early detection of security events. The SOC is the first tier of response: it...
- Tactics, Techniques, and Procedures (TTPs): A three-level description of adversary behaviour. Tactics are the high-level goals (initial access, persistence, exfiltration). Techniques are the specific methods (spear-phishing, pass-the-hash)...
- Threat intelligence: Processed, analysed information about adversaries, their capabilities, and their current or anticipated activities. Includes strategic intelligence (actor motivations and trends) and tactical...
- Threat vector: The pathway or method a threat actor uses to gain access or cause harm. Examples include phishing email, unpatched software vulnerabilities, compromised...
Explained in these topics
- Key Terms and Stakeholders in Incident Response: An individual or group responsible for a security incident or malicious campaign. Threat actors are categorised by motivation (financial, espionage, hacktivism...
- The Threat Landscape and Threat Actors: An individual, group, or organisation with the motivation and capability to carry out an attack against an information system. Classified by type (nation-state...