Threat Actor Motivations

There is a difference between the intent of the attack and the motivation that fuels the attack

• Threat actors intent
  • Specific objective or goal that a threat actor is aiming to achieve through their attack
• Threat actors motivation
  • Underlying reasons or driving forces that pushes a threat actor to carry out their attack

Different motivations behind threat actors

• Data exfiltration
  • Unauthorized transfer of data from a computer
• Financial Gain
  • Achieved through various means, such as ransomware attacks or through banking trojans that allow them to steal financial information in order to gain unauthorized access to victims’ back accounts
• Blackmail
  • Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
• Service Disruption
  • Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or demand a ransom
• Philosophical or Political Beliefs
  • Attacks that are conducted due to the philosophical or political beliefs of the attackers is known as hacktivism
  • Common motivation for a specific type of threat actor known as a hacktivist
• Ethical Reasons
  • Contrary to malicious threat actors, ethical hackers, also known as Authorized hackers, are motivation by a desire to improve security
• Revenge
  • It can also be a motivation for a threat actor that wants to target an entity that they believe has wronged them in some way
• Disruption or Chaos
  • Creating and spreading malware to launching sophisticated cyberattacks against the critical infrastructure in a populated city
• Espionage
  • Spying on individuals, organizations, or nations to gather sensitive or classified information
• War
  • Cyber warfare can be used to disrupt a country’s infrastructure, compromise its national security, and to cause economic damage