Cyber threat and cyber threat actors

Cyber threat

A cyber threat is an activity intended to compromise the security of an information system by altering the availability, integrity, or confidentiality of a system or the information it contains.

The cyber threat environment is the online space where cyber threat actors conduct malicious cyber threat activity.

Cyber threat actors

Cyber threat actors are states, groups, or individuals who, with malicious intent, aim to take advantage of vulnerabilities, low cyber security awareness, or technological developments to gain unauthorized access to information systems in order to access or otherwise affect victims’ data, devices, systems, and networks. The globalized nature of the Internet allows these threat actors to be physically located anywhere in the world and still affect the security of information systems in Canada.


Cyber threat actors can be categorized by their motivations and, to a degree, by their sophistication. Threat actors value access to devices, processing power, computing resources, and information for different reasons. In general, each type of cyber threat actor has a primary motivation.

Figure 1: Cyber threat actors

Figure 1: Cyber threat actors - Long description follows

Long description - Figure 1: Cyber threat actors

Nation state cyber threat actors are often geopolitically motivated.

Cybercriminals are often financially motivated.

Hacktivists are often ideologically motivated.

Terrorist groups are often motivated by ideological violence.

Thrill-seekers are often motivated by satisfaction.

Insider threat actors are often motivated by discontent.

Figure 1 - Description


Cyber threat actors are not equal in terms of capability and sophistication, and have a range of resources, training,and support for their activities. Cyber threat actors may operate on their own or as part of a larger organization (i.e., a nation-state intelligence program or organized crime group). Sometimes, even sophisticated actors use less sophisticated and readily available tools and techniques because these can still be effective for a given task and/ or make it difficult for defenders to attribute the activity.

Nation-states are frequently the most sophisticated threat actors, with dedicated resources and personnel, and extensive planning and coordination. Some nation-states have operational relationships with private sector entities and organized criminals.

Cybercriminals are generally understood to have moderate sophistication in comparison to nation-states. Nonetheless, they still have planning and support functions in addition to specialized technical capabilities that affect a large number of victims.

Threat actors in the top tier of sophistication and skill, capable of using advanced techniques to conduct complex and protracted campaigns in the pursuit of their strategic goals, are often called advanced persistent threats (APT). This designator is usually reserved for nation-states or very proficient organized crime groups.

Hacktivists, terrorist groups, and thrill-seekers are typically at the lowest level of sophistication as they often rely on widely available tools that require little technical skill to deploy. Their actions, more often than not, have no lasting effect on their targets beyond reputation.

Insider threats are individuals working within their organization who are particularly dangerous because of their access to internal networks that are protected by security perimeters. Access is a key component for malicious threat actors and having access privileged acess eliminates the need to employ other remote means. Insider threats may be associated with any of the other listed types of threat actors but often include disgruntled employees.

Date modified: