Cybersecurity Committee: Identify and Understand Cyber Threat Actors and Typical Methods of Attack

March 11, 2021

For a more visual presentation, download the Cybersecurity Committee's Step Two infographic here. Otherwise, read the blog below!

The primary threat for most SMB, commercial and government entities is by criminals looking to make money!  With Crimeware-as-a-Service (CaaS), organized crime is franchising cybercriminal underlings with toolkits, resources and hosting services. The risk associated with conducting cybercrime is dramatically imbalanced relative to the reward in favor of these criminals as very few are identified, apprehended, and prosecuted.

Motivation: Financial gain or reputation enhancement

Affiliation: Individuals or with collaborators

Common Tactics, Techniques and Procedures (TTPs): Phishing, social engineering, business email compromise (BEC) scams, botnets, password attacks, exploit kits, malware and ransomware

Nation States - Advanced Persistent Threat (APT) Groups:

Threat Actors have evolved over the last decade. The most significant threat to the world is the Nation State / APT Threat Actor. These Cybercriminals are highly organized and have unlimited funding and resources. The disparity of threat versus defense against the Nation State is so extreme it is almost immeasurable.

  • Russia 52%
  • Iran 25%
  • China 12%
  • North Korea and other countries 11%

Motivation: Espionage, political, economic or military

Affiliation: Nation-states or organizations with nation-state ties

Common TTPs: Spear-phishing password attacks, social engineering, direct compromise, data exfiltration, remote access trojans and destructive malware

Insider Threat

Those under your company employ or contract that exfiltrate precious or sensitive information out of the company for nefarious objectives. Insiders undermine cybersecurity and physical security because they often have legitimate access to data and can carry out their criminal intent while appearing to conduct normal work activity.

Motivation: Financial gain or to seek revenge

Affiliation: Current or former employee, contractor or other partner who has authorized access

Common TTPs: data exfiltration or privilege misuse


a.k.a. Ideologically-Motivated Criminal Hackers, target high-profile entities / victims to garner notoriety and publicity and to make political or social statements, often in effort to affect change.

Motivation: Political, social or ideological

Affiliation: Non-governmental individuals or organizations

Common TTPs: DDoS attacks, doxing and website defacements

Terrorist Organizations

These groups are designated by the U.S. Department of State. Their cybercrime is typically disruptive and or harassing in nature.

Motivation: Political or ideological; possibly for financial gain, espionage or as propaganda

Affiliation: Individuals, organizations or nation-states

Common TTPs: Defacements and claimed leaks

For more information: Reference PSA CIS controls Whitepaper CIS Controls – Organizational Control 17

To learn more from the PSA Cybersecurity Committee, visit!