INSIGHT

Unravelling the Cybersecurity Landscape: Threat Actors and the Power of Cyber Threat Intelligence

Introduction

In the realm of cybersecurity, a diverse array of threat actors pose significant risks to individuals, organizations, and governments. Understanding these actors and their tactics is essential for devising effective defence strategies. We will examine the positive and negative aspects of various threat actors in Kenya, illustrating how cyber threat intelligence can play a vital role in mitigating cyber threats and safeguarding against potentially devastating cyber-attacks. The primary threat actors can be categorized into three broad groups: Hacktivists, Cybercriminals, and State-Sponsored Actors.

Hacktivists

Motivations: Hacktivists are driven by ideological or political motivations. They seek to promote a specific cause, raise awareness about social or political issues, or protest against perceived injustices. Their attacks are often a form of digital activism.

Behaviour: Hacktivists are typically non-violent and do not aim to cause physical harm. Instead, they employ hacking techniques to disrupt online services, deface websites, leak sensitive information, or engage in distributed denial-of-service (DDoS) attacks.

Modus Operandi: Hacktivists may use social engineering, website defacement, or Distributed Denial-of-Service (DDoS) attacks to achieve their goals. They often use public platforms to announce their actions and intentions.

Prominent Attack Vectors: DDoS attacks, website defacement, data breaches, and information leaks are common attack vectors employed by hacktivist groups.

Domains of Residence: Hacktivist groups can be based anywhere globally, and their reach extends across borders due to the nature of their online activities.

Goals: Hacktivists aim to raise awareness about their causes, exert pressure on governments or organizations to change policies, or advocate for social change.

Cybercriminals

Motivations: Cybercriminals are primarily motivated by financial gain. They seek to steal sensitive information, such as financial data, personal details, or intellectual property, to sell on the dark web or exploit for monetary rewards.

Behaviour: Cybercriminals operate with a profit-driven mindset, and they often organize themselves into well-structured criminal networks to maximize their effectiveness.

Modus Operandi: Cybercriminals use a wide range of tactics, including phishing, ransomware attacks, credit card fraud, identity theft, and business email compromise (BEC) schemes.

Prominent Attack Vectors: Phishing emails, ransomware, malware distribution, and social engineering are common attack vectors employed by cybercriminals.

Domains of Residence: Cybercriminals can operate from any location with an internet connection. Many cybercriminal groups are known to operate in countries with lenient or inadequate cybercrime laws.

Goals: The primary goal of cybercriminals is financial gain through various illicit activities targeting individuals, businesses, and financial institutions.

State-Sponsored Actors

Motivations: State-sponsored actors are supported and directed by nation-states to achieve specific political, economic, or military objectives. Their activities are often related to espionage, information warfare, or sabotage.

Behaviour: State-sponsored actors are well-funded, sophisticated, and have access to extensive resources and expertise. They operate with significant stealth and often focus on long-term, strategic campaigns.

Modus Operandi: State-sponsored actors run advanced persistent threat (APT) campaigns, using zero-day exploits and sophisticated malware to infiltrate and maintain long-term access to targeted systems.

Prominent Attack Vectors: Advanced phishing, supply chain attacks, watering hole attacks, and zero-day exploits are commonly used attack vectors by state-sponsored actors.

Domains of Residence: State-sponsored actors typically operate from within the country sponsoring their activities, and they may also use proxy servers or compromised systems in other countries for additional anonymity.

Goals: State-sponsored actors aim to advance their nation’s interests by gathering intelligence, disrupting adversaries, or gaining a strategic advantage in geopolitical matters.

Detecting different threat actors requires a combination of proactive measures and robust cybersecurity tools. Cyber Threat Intelligence (CTI) plays a crucial role in identifying patterns, indicators, and characteristics of specific threat actors.

Additionally, employing behavioural analytics, intrusion detection systems (IDS), and threat-hunting techniques can aid in identifying and mitigating threats posed by different actor types.

For further information, please contact us at info@adili.africa

November 23, 2023