A threat actor, or “malicious actor,” is a person or group of people that takes part in an action intended to cause harm in the cyber realm. They commit cyber-related offenses, exploiting open vulnerabilities in many different ways. Their targets can be individuals or even large corporations.

Understanding threat actors

According to the 2022 DBI Report, 82% of data breaches involved the Human Element, with 62% of incidents involving threat actors compromising their targets. Bad actors can use different methods of attack such as Phishing, Vishing and SMiShing to exploit their victims.

Their approach, however, has varied over the years. Attackers continuously alter and tailor their malicious techniques as they adapt to new technology and an ever-changing world scene. In this article we will review different types of malicious actors, their motives, and recent exploits they have found in society today.

A Lineup of Threat Actors

So, we know what a threat actor is. However, we can further examine different types of bad actors and categorize them into the groups below. Each type of threat actor has its own distinct motives, techniques, targets, and uses for stolen data.


Cyber Criminals

Cyber criminals’ main objective is to infiltrate a system and access valuable data while avoiding legal consequences. Most seek financial rewards or notoriety in their peer groups and use various methods to infect their targets’ computer systems. They may seek financial compensation in exchange for the data from the victims themselves or, in some cases, from the highest bidder on the dark web. Cyber criminals are the type of threat actor we run into most often in our day-to-day life, such as with phishing attacks or malware-laden files and links.

Nation-State Threat Actors

These types of threat actors typically work for a government entity. Their goal is to gain intelligence of national interest, including nuclear, financial and technology information. These actors are usually operatives funded by government intelligence agencies who are highly trained and very stealthy. Occasionally, nation-state threat actors may also be part of a separate organization contracted privately by a government. In both cases, their aim is to bolster their nation-state’s counterintelligence strategy, and they may attempt to sabotage critical infrastructure.


Insider Threats

Insider threats come from within a company itself. It may be an employee that feels they have been treated unfairly and acts out in retaliation. They may sell network information to other malicious parties, sabotage their company directly, or even knowingly provide an opportunity for an outsider to gain access. Insiders are especially dangerous to an organization considering how much access they have at their disposal. They can also be hard to detect. However, keeping strict logging procedures in place can help catch these threats if they pop up.

Exploits in a Changing World

In the world around us, threat actors’ methods of attack take many different shapes. Some threats remain timeless, such as attackers leveraging remote access and web applications to gain access to an organization. The use of ransomware has also surged in recent years, with a 13% increase this year alone, which is more than in the last 5 years combined.

With ever-shifting world conditions and news headlines comes a wave of new techniques for threat actors to use. Adapting to their “surroundings,” attackers have been able to find new ways to take advantage of unsuspecting victims. They combine current information with emotional triggers. Here are a few:

Ukraine Relief Scams

With the war in Ukraine, many threat actors have preyed on people’s kindness and tricked many into donating to fake causes and relief funds. The most common form of this type of scam was the donation-seeking phishing email. Some scammers would pose as refugees asking for money to send back home to their relatives, while others would impersonate real banks or relief causes. Most of these scams required victims to provide “support” by using cryptocurrency, such as bitcoin, making the payments harder to trace.

Student Loan Scams

These types of scams have been around for a long time. However, they surged with the announcement from President Biden of student loan forgiveness in the US. Scammers sprang at the opportunity to scam students wishing to apply for such student aid. Threat actors would call or email pretending to be from different agencies helping individuals apply for the student loan forgiveness program. Such scammers would often ask their victims to pay upfront fees or provide sensitive credentials such as their SSN, and they would even promise immediate loan forgiveness.

As we can see, malicious actors will take advantage of any and every situation possible. They will do so especially if it can produce an emotional trigger. The cruelty of such threat actors should never be underestimated and should motivate us to always be on guard.

What You Can Do

With the motivations and attack methods of threat actors ever-changing, what steps can corporations take to protect themselves? Since the human element is involved in 82% of data breaches, companies should focus on their employees. Leaders should develop strategies to raise awareness amongst their staff and provide training to help educate them on the impact threat actors can have. Social-Engineer LLC specializes in hands-on security/risk assessments along with simulated vishing and phishing services to help demonstrate to employees exactly what a real threat actor may utilize to gain sensitive data.

Outside of a work environment, awareness of threat actors is just as important for us as individuals. It is imperative that we keep up to date with the latest methods that threat actors are using to scam their victims. We should also never underestimate the malicious nature of scammers. They do not operate with any sense of ethics, which makes them especially dangerous during a time of crisis or high pressure.

It is impossible to completely steer clear of threat actors. At some point, a threat actor will inevitably engage us through an email, a phone call, etc. However, by raising our awareness now and promoting a security-conscious mentality, we will be able to stop a malicious actor in their tracks before they can cause us any harm.

At Social-Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals, please visit:


Written by: Josten Peña