After this lesson, you will be able to: Categorize threat actors and understand attribution.
Knowing your adversary changes your defenses. A teenager with Metasploit is different from a nation-state APT. This lesson maps the actor categories, motivations, and the always-tricky business of attribution.
Cybercriminals, financial. Ransomware, fraud, theft. Most prolific by volume. Nation-state (APT), espionage, disruption. Patient, well-funded. Hacktivists, political. Defacement, leaks. Insiders, covered in DLP track. Script kiddies, using others' tools, often opportunistic.
1. TTPs, toolset, tradecraft fingerprints.
2. Infrastructure overlap, same C2 servers, certificates.
3. Code reuse, same malware families, mistakes.
4. Targets, geographic, industrial.
5. Operational windows, working hours.
Attribution is rarely certain. Confidence levels (low/medium/high) matter.
Different actors = different defenses. Ransomware crew = backup hygiene. APT espionage = detection of low-and-slow. Hacktivists = OPSEC of public-facing staff.
Pick.
Sign in and purchase access to unlock this lesson.