loading
Loading content
loading
Also known as adversary
A threat actor is whoever sits behind an attack: a lone opportunist running commodity malware, a financially driven ransomware crew, a hacktivist group, or a state-sponsored team with deep resources and patience. Analysts profile actors by motivation, capability, and the targets they favor, which sets realistic expectations for how an organization is likely to be hit and how hard the attacker will push.
The distinction guides defense. You prepare differently for a smash-and-grab crew that scans the internet for unpatched edge devices than for an advanced persistent threat that researches your supply chain and waits months for the right moment. Mapping a threat actor's habits lets a team prioritize controls and detections against the behavior that actor actually uses rather than a generic checklist.
Tracking actors is a core output of threat intelligence. Analysts catalog an actor's tactics, techniques, and procedures, map them to the MITRE ATT&CK framework, and tie campaigns together through shared indicators of compromise.
In a Trickest workflow you can pull actor-linked indicators and infrastructure from feeds, enrich them, and match them against your own attack surface so exposure to a specific adversary's known infrastructure becomes visible.
Related terms