Earlier, if you read the first article, you were introduced to funny stories about young hackers and the epic failures of major corporations. Now it's time to dive deeper into the world of hackers. In the professional field, however, a more general term is used: threat actor - because it’s not always someone hacking you through your home internet. Threats can come from colleagues, activists, or just someone bored enough to mess around - and accidentally cause hundreds of thousands of dollars in damage.
"Life is life" - a phrase my teacher likes to repeat.
A threat actor is any person or group that presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they influence the security industry.
To defend effectively, you need to understand who you're defending against and what their goals are. In some cases you can anticipate the actor's behavior and build a defense; in others - for example, when you are facing a monkey with a grenade - you can only minimize the risks and hope for a miracle.
Internal vs. External Threat Actors
When people hear the word hacker, they often imagine an external threat - a teenager in a hoodie breaking into corporate databases and transferring money to an offshore account. While this exaggerated image has become a popular stereotype, it highlights a common misconception: the belief that all cyber threats come from outside an organization. In reality, threats can originate both externally and internally, and overlooking the risks posed by insiders can leave critical vulnerabilities unaddressed.
"There is no worse enemy than a foolish ally."
In 2025, UK logistics company KNP (est. 1867) shut down after a ransomware attack. The breach? Hackers guessed a weak employee password, encrypted systems, and wrecked backups. Despite having cyber insurance, the company couldn’t recover - 700 people lost their jobs. A century-and-a-half-old business was brought down not by elite hackers, but by the digital equivalent of leaving a castle gate made of wet cardboard.
Internal Threat Actors
Internal threat actors are individuals who have legitimate access to an organization’s systems, networks, or data. This includes employees, contractors, suppliers, or any other party with trusted access. Their actions can be either intentional - for example, stealing confidential information or sabotaging systems - or unintentional, such as making mistakes that open security gaps. The key characteristic of an internal threat actor is that they operate from within, often leveraging privileges that bypass many standard security measures.
External Threat Actors
External threat actors are individuals or groups outside of an organization who attempt to gain unauthorized access to its systems or data. These can include cybercriminals, state-sponsored attackers, hacktivists, or opportunistic hackers. Unlike insiders, external actors must find ways to penetrate security barriers, often using methods like phishing, malware, brute force attacks, or exploiting software vulnerabilities. They are typically motivated by financial gain, political agendas, espionage, or the challenge of breaking into secure systems.
In this article, I'd like to focus on a few specific types of threat actors:
- Hackers - a seemingly straightforward category, but in reality, their motives and methods are far more complex.
- Activists - a group that’s always relevant, though often misunderstood.
- Script Kiddies - once seen as harmless amateurs, but with the rise of AI tools, they’re becoming increasingly relevant and dangerous.
Hackers
In the world of information security, hackers are often classified by the color of their "hat", a metaphor that comes from westerns, where "white hats are the good guys, black hats are the bad guys".
Here's a detailed classification:
Black Hat
😈 Malicious, acting illegally.
These actors engage in hacking for profit, sabotage, or blackmail. They often use methods such as viruses, exploits, and phishing to infiltrate systems and steal sensitive data. While some operate independently, many work as part of organized criminal networks or even state-sponsored groups. Notable examples include ransomware gangs like REvil and Conti, as well as advanced persistent threat (APT) groups linked to nation-states.
White Hat
😇 Ethical hackers, operating legally.
These individuals help organizations identify and fix security vulnerabilities. They typically work as penetration testers, participate in bug bounty programs, or operate within internal information security teams. Crucially, they conduct their testing with official authorization, ensuring that their activities are legal and aligned with the company’s goals. Examples include ethical hackers who contribute to platforms like HackerOne or Bugcrowd.
Grey Hat
❔ Intermediate, balancing good and evil.
These hackers operate without official authorization but typically do not cause harm. They may discover and report vulnerabilities to organizations, though their approach isn't always appropriate or welcome. In some cases, they even request a "reward" for their findings, blurring the line between ethical intent and questionable behavior. For example, someone might find a flaw on a bank’s website, report it without prior permission, and end up receiving either a thank-you - or a legal penalty.
Red Hat (in some classifications).
👊 Hackers who aggressively wage war on black hats.
These individuals hack black hats in retaliation, often acting as digital vigilantes. While their intentions may align with defending others, they sometimes operate outside the boundaries of the law, making their actions legally and ethically ambiguous. They are closely related to activist groups and occasionally refer to themselves as “cyberhackers,” blurring the line between justice and vigilantism.
Blue Hat - vigilantes or external testers.
💁 Revenge and personal motives
Blue hat hackers can be both vigilantes and external testers, but the most common definition refers to them as external security professionals hired by organizations to test systems for vulnerabilities before launch. However, in some contexts, the term "blue hat" is also used to describe individuals who engage in hacking activities for revenge or to target black hat hackers, acting as vigilantes.
Green Hat - newcomers.
👽 Apprentices who are just learning about hacking.
Green hat hackers are “green” in the sense that they are inexperienced and may not have the technical skills of more experienced hackers. At this amateur level, they may not intentionally seek to cause harm, but may do so accidentally.
Congrats! Since you've already touched on the secret side of cybersecurity and dipped into it a bit, your hat has begun to take on a green color.
👫 Hacktivist
It's not about money or profit (in any form) - it's about an idea. And when the idea takes the lead, untempered by money or practical limits, we all know where that can lead.
A hacktivist is an actor who engages in "hacktivism," which combines hacking with activism to advance political or social causes. Hacktivists use their technical skills to disrupt, protest, or leak information, often targeting organizations or governments they oppose.
👶 Script kiddies (amateur hackers)
"Script kiddies" is slang for amateur hackers who lack the technical skills needed to create their own hacking programs or conduct sophisticated attacks, such as SQL injections, so they use scripts created by others. Despite being novices, script kiddies are still dangerous - especially since they often don’t fully understand the damage they can do with the pre-created programs they use.
While we’ve touched on some of the most well-known hacker profiles and motivations, this is far from an exhaustive list. The world of cybersecurity is layered and constantly shifting, and new threat profiles emerge just as quickly as old ones evolve. Future sections will dive deeper into more specific and complex classifications - but for now, you have a clear understanding of who might be targeting you, what motivates them, and what kind of behavior you can expect.
Unfortunately, no one can be told what the Matrix is. You have to see it for yourself. - The Matrix (1999)
Just like the Matrix, no article can prepare you for everything - but now, at least, you know what to start paying attention to.