Back to Spotlight

In the two other Spotlight articles, we expose two nation-state hacker groups. But not all cyberattacks are carried out by nation states. Who else might these shadowy criminals be who take aim at our society every day? 


This report from BAE Systems, an arms, security, and aerospace company, provides a classification of the main hacker types.

  • The mule is a casual criminal used by others to launder money. Mules are often provided with professional manuals on how to launder money. They can work from home, use free WiFi hotspots, and get payments to their bank accounts for their services. Mules are at highest risk of arrest and prosecution
  • The professional is a career criminal working from 9-5 at a company that may appear legitimate. But in reality, the company runs phone scams, writes software for other criminals, or may be engaged in other parts of the cyber criminal supply chain. 
  • The nation state actor works for governments to target governments, individuals, and organizations. Some governments run their own army of offensive cyber attackers, others sponsor independent criminal groups. Nation state actors may be motivated by nationalism or by money
  • The activist engages in cyber crime for political, religious or social reasons. Activists often target those organizations whose purpose does not align with their values and beliefs. They are most likely to cause publicized destruction instead of quietly damaging an organization. The most famous cyber activist group is Anonymous
  • The insider works at a given company and may be a disgruntled employee, a spy, or a financially motivated adversary. Insider threats are problematic, because they have already gained access to an organization, making it a very difficult cyber threat to tackle
  • The getaway is a very young individual who, even if caught, is too young to go to prison. Getaways are often manipulated and used by other criminals as proxies.


Why does this matter for businesses?

  • Knowing who might target a business may help strengthen its defences by putting in place measures that make life for certain hacker groups harder
  • For example, the greatest cybersecurity concern of many companies is insider threat. To minimise the risk, measures such as behavioural analytics to identify anomalous behaviour may detect and prevent insider activity.


Read the full article