Five Personas of the Cyber Threat Actor

Understanding and Mitigating the Five Major Cyber Threats
Last Updated December 13th, 2023 

Cyber Threat Actor Personas

Cybersecurity is playing an ever-important role within our society. From electronic currencies to business and personal operations, the compromise or damage of these systems poses a distinct threat to human and ecological life.

There are countless battles being fought on the cyber warfront. New malwares emerge on a regular basis, with groups of malicious actors graduating from roughshod operations to sophisticated and organized crime.

What are the motives for these threat actors? There are many, and the personas of threat actor generally fall into the following categories, in order of sophistication: Script Kids, Power Users, Hacktivists, For-Profit Organizations, and Nation-States.

Script Kids

These are the most rudimentary of threats. The term originates from young children or teenagers who would stumble across a malicious script on the internet (such as a keylogger or DoS attack) and deploy it against their friends or rivals, for fun or for revenge.  It’s likely that much of this activity still comes from this age group as well as adult computer users and possibly some organized groups in developing countries. The threat level posed by this persona is low, as they lack computer literacy and don’t develop financial gain from their actions.

Power Users

These are computer users with a high level of computer literacy and competency. These threat actors have a strong command over administrative use of machines and are learning or already understand the nature of the tools they use. Power Users are quite neutral in their motives. Curiosity is the main motive for these actors, whether it is to further their knowledge of computer networks and develop their skills, or to gain access to systems and merely peek around.

Although these threat actors are not entirely malicious, they still pose a distinct threat to information systems. Since they are unauthorized to access the information, the victim will likely be required to publish an official data breach statement and inform all parties whose protected data has been compromised. Additionally, there is the possibility that they disrupt the systems they are engaged with, causing downtime or, worse, data destruction.


The Hacktivist persona is a mixed bag, like the Power User. Their use of technology is to intentionally disrupt systems and steal or even destroy information. What differentiates this group from others is not how they attack, but whom. Their targets will span from critical infrastructure to government and enterprise facilities. It is unclear how these groups behave against organized crime such as human and drug trafficking. Overall, they pose a significant threat to American information systems and originate from both international and domestic sources.

For-Profit Organizations

Probably the most prominent and overt of cyber threat persona, these threat actors are in it for the money. They are highly skilled and highly organized, just as you would see with any professional business. Specifically, they are trained to compromise your information through technical controls and through social engineering.

There are several ways which these organizations profit, and the most persistent form is the common scam. Another way they profit is through maintaining systems of compromised computers, also known as botnets, which search for and attempt to compromise new targets. These botnets consume the victim’s electricity and computing power to perform a distributed attack against a single target. Many times, they are also used for mining cryptocurrency for the organization.

Keep a close eye out for these organizations. They will take their time to perform due diligence and understand how much capital you have available, and how to take it from you, be it by trickery, compromise, or extortion.


 – The Nation-state cyber threat is the most extreme risk to any victim. These are threat actors that are either overtly or covertly sponsored by a government entity. They have the highest level of organization, sophistication, and resources available, which allows them to do serious reconnaissance on your operations. They may send an agent to your facility, pose as a janitor, and walk away with your trash so they can rifle through it to discover sensitive internal information about you and your business that they can leverage in an attack. They might also try to infiltrate your facility to gain physical access to your equipment, where they can then install malware or steal data.

The objective in many cases is to extort money to fund their country’s covert operations, such as to obtain weapons, or even to maintain their campaign. Other times, their objective is to impact critical infrastructure or to weaken economic and military operations, causing human or ecological harm in the process.

The threat posed by the nation-state cyber threat actor is extreme. If you believe that you have become the target of their operations, seek professional help immediately and consider contacting your local law enforcement agency. Your life and the lives of others may be at stake.


Thank you for taking the time to read this. The first line of defense against these cyber threats is our own awareness. Once we can identify the threats facing us, we can make the due preparations to mitigate the risk and impact. If you would like to bolster your awareness and train to identify the activities these actors engage in, consider scheduling an appointment with us to discuss a vulnerability assessment or a simulated cyber-attack.

Share this post
The XZ Utility Backdoor
A Crisis Averted