Hackers, as they are classified by Microsoft

Unfortunately, there are many different kinds of hackers nowadays. Think, for example, of cybercriminals with specific skills: experts in viruses, malware and ransomware, or in social engineering and manipulation.

Likewise, technically similar hacker attacks may be motivated by diametrically opposed goals, from pure and simple extortion to espionage.

To bring some order, Microsoft has produced a convenient classification of cybercriminals and their most dangerous attacks: a useful way to navigate threats and the network at an international level.

Hacker attacks: who are the nation-state actors and the financially motivated actors

The new classification of hackers made by Microsoft is designed to help international organizations better manage potential threats. The first step to take in this direction is the development of a common language: terms and categories that allow the various hacker attacks to be categorized in the same way, regardless of the country in which they are physically perpetrated.

According to the company founded by Bill Gates, cybercriminals are divided into five key groups: nation-state actors, financially motivated actors, private sector offensive actors, influence operations and groups still in development.

Nation-state actors are hackers who do not operate independently. On the contrary, their attacks are in some way tied to a program aligned with an entire country.

Nation-state actors may be involved in spreading viruses or ransomware, but they almost never do so to harm a single individual. Rather, their actions are part of much larger activities that aim to shift certain international balances.

Microsoft has categorized hackers into five categories to help organizations develop a common language

According to Microsoft's reports, the activity of nation-state actors is aimed above all at politically relevant targets, such as government agencies, intergovernmental organizations, NGOs or espionage and surveillance groups.

Financially motivated actors, by contrast, are much closer to cybercriminals as the common narrative paints them: unscrupulous hackers who can work on their own or tie themselves to larger organisations.

Financially motivated actors can be hired for sabotage operations of various kinds, from creating ransomware to compromising private documents and phishing. In all these cases the ultimate aim of the attack is always the same: extortion of the victim.

Hacker attacks: what are PSOAs and influence operations

The acronym PSOA stands for Private Sector Offensive Actors and refers to another category of hackers classified by Microsoft.

Private Sector Offensive Actors (PSOAs) sell cyber weapons such as viruses, malware and ransomware, and are often led by well-known and “legitimate” legal entities. Nonetheless, their work is to be considered as dangerous as that of the more canonical hacker attacks.

The work of PSOAs falls under malicious activity, a cyber threat considered very dangerous internationally. Especially in the case of espionage and similar activities, they end up jeopardizing the protection of human rights.

Another category of hackers provided by Microsoft is that of influence operations. In this case it would not be correct to speak of a direct attack, but it is still possible to consider influence operations as full-fledged hacking operations.

Influence operations and the activities of PSOAs or developing groups are among Microsoft's hacker categories

Here, hackers use their knowledge to steer public perception. They populate the web with news, articles or comments that can reach different levels of falsehood: from the most obvious fake news to texts that aim to manipulate the reader in a much more refined way.

Regardless of the specific method, influence operations are created with the stated goal of spreading one single vision of reality: the one that is dear to their client.

Finally, Microsoft has devised a category that also covers cybercriminals or hacker attacks still “in progress”. This is the case of developing groups, which are treated as a temporary classification.

Microsoft’s idea is to assign to this category all activity that is not yet fully understood but can nevertheless be considered a threat.

Developing groups are therefore flagged and monitored from a prevention standpoint. As knowledge about the phenomenon or group in question grows, it can be moved to another of the categories defined in the previous paragraphs.

How Microsoft’s new hacker taxonomy works

Once the categories of cybercriminals have been defined, Microsoft also goes into the details of a more complex taxonomy. For example, it assigns individual nation-state actors to the country most plausibly related to their origins. In the same way, the other actors can be tied to a client or to a specific motivation.

Furthermore, the various groups are distinguished on the basis of their so-called TTPs: the tactics, techniques and procedures they use to carry out their hacker attacks. Similarly, the taxonomy takes into account any other patterns that can be identified and reproduced.

The activities of developing groups also fall under the taxonomy. Microsoft groups them into threat activity clusters, which above all take into account the level of knowledge developed so far: these range from unknown hackers to those just discovered, and from emerging ones to those ready to be assigned to another category.
