Understanding the trends related to threat actors, their motivations and their targets assists greatly in planning and improving cybersecurity defences and mitigation strategies.

In our previous article, we covered the eight prime cybersecurity threats according to ENISA’s latest Threat Landscape annual report, issued in November 2022. In this article, we continue the topic by presenting a recap of the four categories of threat actors in the spotlight of this year’s edition of the report.

ENISA, the European Union Agency for Cybersecurity, is the EU institution dedicated to achieving a high common level of cybersecurity across Europe. In its yearly reports the agency analyses the top threats and major trends observed with respect to threats, threat actors, and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.

Based on the analysis of the cyber threats that emerged and materialized in the course of 2021 and 2022, ETL 2022 identifies and focuses on the threat actor trends relevant to the current cybersecurity landscape.

Cyber threat actors are an integral component of the threat landscape. They are entities aiming to carry out a malicious act by taking advantage of existing vulnerabilities with the intent to harm their victims. Understanding how threat actors think and act, and what their motivations and goals are, is essential for more robust cyber threat management and incident response.

Monitoring the latest developments concerning the tactics and techniques used by threat actors to achieve their objectives and staying up-to-date with the long-term trends in motivations and targets is crucial for an efficient defence in today’s cybersecurity ecosystem.

It is an integral part of the overall threat assessment since it allows security controls to be prioritised and a dedicated strategy to be built based on potential impact and the likelihood that threats will materialise. Not understanding threat actors and how they operate creates a significant knowledge gap in cybersecurity, because analysing threats without considering the motivations and goals behind them may lead to inefficient defences or, in some cases, to not being able to protect at all.

For the ETL 2022, ENISA considers once more the following four categories of cybersecurity threat actors:

1. State-sponsored actors

During the reporting period, state-sponsored actors exploited many critical vulnerabilities in the wild, some of which were against Microsoft, Pulse Secure VPN appliances and other business entities. Moreover, we have observed state-sponsored threat actors targeting small office or home office routers worldwide and using this compromised infrastructure for their cyber operations while hindering defenders’ efforts.

2. Cybercrime actors

The second actor category, cybercrime actors, was heavily impacted by the Russia-Ukraine conflict. During the conflict, it was observed how a major geopolitical incident could mobilise cybercrime groups, reveal connections between cybercrime and state actors, and provide opportunities for cybercriminals to make financial gains.

3. Hacker-for-hire actors

The hacker-for-hire threat actor category refers to entities within the ‘Access-as-a-Service’ (AaaS) market, mainly comprised of companies that offer offensive cyber capabilities. Their clients are usually governments but also corporations and individuals.

4. Hacktivists

The Ukraine-Russia conflict has been seen as an increasingly permissive (and unique) environment that mobilised hacktivist groups that chose sides (around 70 hacktivist groups became involved).

ENISA’s assessment is that threat actors will increasingly conduct ransomware attacks with no monetary motivations. Hacktivists will likely be attracted by the effectiveness and the impact that ransomware attacks can have as well as the media attention they attract. Finally, governmental organisations are very likely the primary targets of hacktivists’ ransomware operations.

You can read the full text of the report here.



Content curated by the team of COMPUTER 2000 based on official publications by the European Union Agency for Cybersecurity.
