Cybersecurity Unlocked: Episode 8— The Cast of Characters (Threat Actors)

Cybersecurity Unlocked: A Journey into Cybersec with Yash

Yash Kitey

~4 min read · December 30, 2025 (Updated: December 30, 2025) · Free: Yes

When we watch movies, every hacker looks the same: a lone genius in a basement, with a black screen with green lines of code running on the screen, typing furiously to break a firewall.

But in the real world (and in cybersecurity frameworks), that is just one tiny slice of the pie. We aren't fighting a monolith or any single person behind a computer. We are fighting a diverse cast of characters, ranging from bored teenagers to military units.

To defend a network, We first have to profile the enemy. We analyze them based on three key metrics: Sophistication (skill level) , Resources (funding) , and Motivation (why they do it).

Here is the full breakdown of the enemies we face:

1. The Mercenaries (Organized Crime)

Who they are: These aren't random individuals. These are sophisticated criminal enterprises that operate like Fortune 500 companies. They often have payroll, HR, and even "customer support" to help you pay them.
The Motivation: Pure Financial Gain. They don't care about your politics or your secrets or anything else. All they care about your is your wallet.
The Tactic: They are the kings of Ransomware and Blackmail. They lock your data and sell the key back to you. with the help of ransomware they will encrypt all your data and blackmail you to pay them a sum of amount to get your own data back.

2. The Spies (Nation-State Actors) ️

Who they are: Government-sponsored hacking teams. They have massive resources and funding and an extreme level of sophistication. These are generally teams working with the government to spy on terrorist / other nations.
The Motivation: Espionage, War or proactive way to counter the the incoming threat. They want strategic secrets intellectual property, defense plans, or voter data etc.
The Danger: They play the long game (often called Advanced Persistent Threats). If they are in your network, they don't want to break things; they want to stay invisible for years and secretly collect your data and watch for patterns and use that data for their own intelligence.

3. The Ideologists (Hacktivists)

Who they are: Attackers driven by a cause rather than cash.
The Motivation: Philosophical or Political beliefs. They want to expose corruption, protest a policy, or embarrass a target.
The Tactic: They often rely on Data Exfiltration (leaking emails) or Service Disruption (taking down a website) to make a statement.

4. The Betrayal (Insider Threats)

Who they are: The most dangerous call comes from inside the house. This is an Internal threat, someone with legitimate access (an employee or contractor).
The Motivation: It varies. It could be Revenge (a fired employee) , Financial Gain (bribed by a competitor), or simple negligence.
The Danger: Traditional firewalls point outward. They are useless against someone who already has a badge and a login.

5. The Graffiti Artists (Unskilled Attackers)

Who they are: Often called "Script Kiddies." These are attackers with low sophistication who use off-the-shelf tools they don't fully understand.
The Motivation: Bragging rights, curiosity, or simply creating chaos.
The Reality: While they aren't "pros," there are millions of them. They are like vandals checking every door handle to see if one is unlocked.

6. The Silent Risk (Shadow IT)

Who they are: This is a unique category. It refers to employees installing unauthorized software or hardware on the company network without IT knowing.
The Motivation: Usually efficiency they just want to get their job done faster but they neglect compliance and increase the risks.
The Danger: It creates an unmonitored Attack Surface that security teams can't patch or protect.

The Takeaway: You cannot use the same shield for every sword. Defending against a Nation-State requires totally different tools than stopping a Script Kiddie. Understanding the Actor is the first step in building the Defense.

Question for the class: Which of these scares you the most? (Personally, the Insider Threat keeps me up at night how do you stop someone who has the keys?)

#cybersecurity #security #information-technology #cloud-computing #software-development