The Complex Web of Threat Actors - The Main Players on the Field

World of Threat Actors

If there is no physical aspect to the crime, society's attitude toward such lawbreakers is usually not as radical as it is toward classic robbers and kidnappers, that is, toward those who act by the same method used thousands of years ago: force. When the instrument of crime becomes the intellect or a specially developed computer program for extorting money, everything is slightly different. In terms of the law, such criminals are essentially no different from thieves with picklocks who open your safe. Still, in cultural terms, such criminals often become the kind of heroes who fool the system, laugh at security protocols, and circumvent the cybersecurity departments of businesses.

 

They find followers and imitators, often organizing entire cyber groups to attack and extort money. Such individuals are called threat actors, and they are the ones we will talk about next. These actors are not infrequently part of the public policy system itself and carry out state orders. Let's discuss their history, motives, the main cyber threat actors and why they are not all behind bars or disconnected from the Internet.

Who Are the Cyber Threat Actors?

The term "cyber threat actors" refers to individuals, groups or organizations that pose a risk or engage in malicious activities in the digital domain. The term's origin can be traced to the growing prevalence of cyber threats and cybercrime in the late 20th century.

Types of Cyber Threat Actors

  • State-sponsored: These are official or unofficial units openly or not-so-openly sponsored by states to engage in espionage or cyber warfare. 
  • Hacktivists: These are enthusiastic individuals or so-called interest groups, often with political motives. They attack organizations or individuals to further their ideological or activist goals.
  • Organized criminal groups: These criminal organizations engage in cybercrime for financial gain. They may profit from sophisticated methods such as ransomware attacks, data breaches, or credit card fraud.
  • Insiders: These are individuals with authorized access to an organization's systems or data who abuse their privileges for self-serving purposes or to cause harm. This category includes disgruntled employees, contractors or partners.
  • Cyber Terrorists: The name of this group speaks for itself. Political motives may be the basis, but the methods are incredibly destructive. Their activities can range from website DDoS attacks to large-scale coordinated attacks.

 

Amateurs and Old Cyber Groups: Diversity of Cyber Threat Actors in 2023 

Like the previous three years, 2023 is not a year of stability or plentiful good news worldwide. Cyber threats have not gone away; because of events in the world, they simply receive less attention. The scale and variety of areas where cyber threats can manifest themselves are growing. An incident could be a random phishing email sent by a bored tech student or a carefully elaborated attack scheme against a digital giant. Experts say that the recent attack on 3CX, one of the world's largest developers of VoIP solutions for large corporations, is a reason to fear for the global security of large companies.

The Main Areas and Regions of Activity of Cyber Threat Actors

According to the latest research for the first quarter of 2023, cyber threat actors were most active in the sectors and regions listed below.

Most Targeted Sectors

  • Manufacturing
  • Technology
  • Education
  • Government
  • Transport

Most Targeted Regions

  • Northern America (U.S.)
  • South East Asia (Myanmar, Philippines, Singapore)
  • South Asia (India, Pakistan, Sri Lanka, Nepal, Bangladesh, Afghanistan)
  • East Asia (China, Japan, Mongolia, Republic of Korea, Taiwan, Qatar)
  • Eastern Europe (Ukraine, Bulgaria, Romania, Republic of Moldova)

The Most Notable Threat Actors in Recent Years

The most active regions where cyber threat actors operate remain the United States, China, Russia and North Korea. These regions remain the most prominent and unchanged players in this field. In 2023, the following 10 threat actors will be particularly active.

 

  • Lazarus APT (a North Korean group): a cyber group with ties to North Korea. It has been linked to involvement in various high-profile cyberattacks and financial crimes.
  • Earth Longzhi (a subgroup of APT 41): Earth Longzhi is a subset of APT 41, a sophisticated cyber group known for its advanced hacking techniques and ties to the Chinese government.
  • Volt Typhoon APT (Chinese group): a China-based cyber group suspected of state-sponsored cyber espionage against organizations and governments.
  • SideWinder APT (South Asian group): a South Asian cyber group known for targeting military and diplomatic targets in the region.
  • BianLian Ransomware Gang: a cybercriminal group that specializes in attacks using BianLian malware to encrypt victims' files and demand ransom.
  • Void Rabisu (probably of Russian origin): Void Rabisu is suspected of various cyber espionage and hacking campaigns targeting governments and organizations.
  • Camaro Dragon APT (Chinese group, presumably state-sponsored): known for its ongoing threats and cyber espionage campaigns.
  • Kimsuky APT (a North Korean group): a cyber group specializing in targeted attacks against government and military organizations focusing on intelligence gathering.
  • APT 28, also known as Fancy Bear: a cyber group affiliated with the Russian military intelligence service GRU, known for its involvement in state-sponsored cyber attacks and information warfare.
  • The Bl00dy Ransomware Gang: an Eastern European cybercrime group that specializes in ransomware attacks. It uses sophisticated malware to encrypt victims' data and demands a ransom.

In One Way or Another, Everyone Will Encounter Cyber Threat Actors

In today's interconnected world, threat actors pose a significant risk to individuals and organizations. Whether one expects an attack or not, it is critical to prioritize cybersecurity and implement robust protection measures. Cybercriminals are constantly improving, using sophisticated techniques to exploit vulnerabilities and gain unauthorized access to sensitive information. 


Taking proactive measures, such as using strong passwords, updating your software, using robust anti-virus software, and becoming familiar with phishing and social engineering tactics, can significantly reduce your chances of becoming a victim of cyber threats. Everyone will encounter cyber threat actors in one way or another, so it's important always to remain vigilant and prioritize cybersecurity.
