
Threat Actor

A threat actor is any individual or group that has the intent and capability to launch a cyberattack. They range from individual hackers and activists to organized crime syndicates and government-sponsored teams.

Illustration: Threat Actor (image via Wikipedia)

TECHNICAL DEFINITION

A threat actor is an entity, such as a nation-state, cybercriminal organization, hacktivist group, or malicious insider, that causes a cybersecurity event by combining the intent and the capability to exploit vulnerabilities. Threat actor profiling analyzes an actor's tactics, techniques, and procedures (TTPs), motivations (espionage, financial gain, sabotage), and resources to inform threat intelligence and attribution.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.


SYNONYMS & ALIASES

  • malicious actor
  • adversary
  • cybercriminal
  • attacker
  • threat agent
  • bad actor
  • hostile entity

USAGE NOTE

Use this term to focus on the 'who' behind a cyberattack, which helps in understanding their likely motives and methods.

DEVELOPERS

Organizations developing technology related to threat actors.

  • CrowdStrike

    A cybersecurity technology company that provides cloud-native endpoint protection, threat intelligence, and incident response services. It actively tracks and reports on a wide range of nation-state, e-crime, and hacktivist threat actors.

  • Mandiant (Google Cloud)

    An organization renowned for its threat intelligence and incident response services. Mandiant provides deep insights into the tactics, techniques, and procedures (TTPs) of advanced persistent threats (APTs) and other sophisticated threat actors.

  • Recorded Future

    Provides a security intelligence platform that collects and analyzes a vast amount of data from open, dark, and technical sources to deliver real-time intelligence on threat actors, their infrastructure, and their motives.

  • Palo Alto Networks (Unit 42)

    A global cybersecurity leader whose products are informed by its threat intelligence team, Unit 42. This team researches and publishes findings on new threat actors, malware campaigns, and vulnerabilities to improve detection and prevention capabilities.

  • Dragos

    Specializes in industrial control systems (ICS) and operational technology (OT) security. Dragos develops technology to identify and respond to threat actors specifically targeting critical infrastructure and industrial environments.

  • Microsoft Threat Intelligence

    Leverages trillions of daily signals from its global infrastructure to identify and track threat actors. This intelligence is integrated into its security products like Microsoft Sentinel and Defender to protect against emerging threats.

  • MITRE Corporation

    A not-for-profit organization that developed and maintains the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations of threat actor behavior. This framework is a foundational technology for threat modeling and defense.

  • Trellix

    Formed from the merger of McAfee Enterprise and FireEye, Trellix operates an Advanced Research Center that analyzes threat actor campaigns. It develops XDR (Extended Detection and Response) technology that uses this intelligence to detect and counter malicious actors.
