
Five Key Threat Actor Groups 

In an age where digital connectivity is key for organisations to operate, the landscape of cyber threats keeps evolving and growing. Threat actors continuously orchestrate malicious actions to compromise IT security, posing a constant challenge and making it paramount that organisations have the correct protection in place.

To make sure your organisation stays free of cyber threats, it is essential to look out for threat actors who are waiting to attack when you least expect it.

It is essential that organisations are prepared. This blog aims to shed some light on these key threat actor groups, empowering organisations to recognise potential cyber threats before they materialise.

What are the 5 Types of Threat Actors?

Microsoft’s latest Digital Defence Report defines five categories of threat actors:

  1. Nation-state actors.
  2. Financially motivated actors.
  3. Cyber mercenaries or private sector offensive actors.
  4. Influence operations.
  5. Groups in development.

Nation-state actors

This group of actors operates on behalf of, or is directed by, a nation/state-aligned program, irrespective of whether the goal is espionage, financial gain, or retribution. Microsoft observed that the majority of nation-state actors focus their operations and attacks on government agencies, intergovernmental organisations, nongovernmental organisations, and think tanks for traditional espionage or surveillance objectives.

Financially motivated actors

Financially motivated actors are cyber campaigns or groups that are directed by criminal organisations for monetary gain. These groups have not been associated, with high confidence, with a non-nation-state or commercial entity. This category encompasses ransomware operators, business email compromise, phishing, and other groups whose motivations are purely financial or extortion-based.

Private sector offensive actors (PSOAs)

Private sector offensive actors (PSOAs), commonly known as cyber mercenaries, are commercial actors that operate as legitimate legal entities and create and sell cyberweapons to customers, who in turn select specific targets and operate the cyberweapons for attack.

It has been observed that these tools target and surveil dissidents, human rights defenders, journalists, civil society advocates, and other private citizens, posing a threat to many global human rights efforts.

Influence operations

Influence operations encompass information campaigns that communicate through various channels, online and offline, in a manipulative way. Their primary aim is to shift the perceptions, behaviours, or decisions of target audiences to further a group’s or a nation’s interests and objectives.

Groups in development

Activities posing threats that are unidentified, emerging, or in the developing stages fall under the temporary designation ‘groups in development.’ This allows Microsoft to monitor a group as a discrete set of information until higher confidence is reached about the origin or identity of the actor behind the operation. Once the specific criteria are met, a group in development is transferred to a named actor or merged into existing names.

Name taxonomy of threat actors

In April 2023, Microsoft decided to transform its naming categorisation, aligning it with the theme of weather, in response to the increasing complexity, scale, and volume of threats. This allows customers to understand threats more quickly and clearly.

The updated categorisation brings better context to security researchers who are already confronted with an overwhelming amount of threat intelligence data. Using weather terms offers a more organised, memorable, and easy way to reference adversary groups, allowing organisations to prioritise threats and protect themselves more efficiently. The adoption of these weather-centric terms ensures that security professionals can understand the nature of the threat actor simply by reading their name. If you’d like more information about the naming of threat actors, we recommend reading Microsoft’s threat actors guidance.

The table below shows an overview of the actor categories, their type and the weather term that is assigned to them. Nation-state actors are assigned a family name according to their country/region of origin; Typhoon, for example, indicates origin in or attribution to China. The family name of other actors represents a motivation, like Tempest, which indicates financially motivated actors.

Threat actors that belong to the same weather family are given an adjective to distinguish actor groups with distinct tactics, techniques, and procedures (TTPs), infrastructure, objectives, or other identified patterns. Where there is a newly discovered, unknown, emerging, or developing cluster of threat activity, groups in development are given a temporary designation of Storm with a four-digit number.

Threat Actor Table

