Threat Actor
Any individual or group that carries out or has the intent to carry out malicious cyber activities.
Full Definition
A threat actor is any individual, group, or organization that poses a cybersecurity threat by conducting or intending to conduct malicious activities. Threat actors are broadly categorized by their motivation, capability, and sponsorship: nation-state actors, organized cybercriminal groups, hacktivists, insider threats, and script kiddies.\n\nUnderstanding a threat actor's motivation is key to predicting their behavior and targets. Nation-state actors pursue espionage, disruption, and geopolitical objectives; criminal groups prioritize financial gain through ransomware, fraud, and data theft; hacktivists pursue ideological goals; and insider threats exploit privileged access for personal or political reasons.\n\nThreat intelligence platforms track known threat actor groups, their TTPs (Tactics, Techniques, and Procedures), infrastructure, and targeting patterns. This intelligence enables organizations to understand which threats are most relevant to their industry and proactively harden their defenses accordingly.
Related Terms
Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Threat ActorsInitial Access Broker (IAB)
A cybercriminal who specializes in breaching networks and selling that access to other threat actors.
Threat ActorsCybercrime Forum
Underground online communities where threat actors buy, sell, and exchange stolen data, tools, and services.
CybercrimeThreat Intelligence
Evidence-based knowledge about existing or emerging threats that informs security decisions.
Threat IntelligenceMonitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.