Decoding The Threat Actors

Do we need a Magic 8 Ball to figure this out? Maybe Nostradamus could piece this together? We’re talking about Threat Actors here, so it couldn’t be possible these folks are organized, have workflow, processes, and talent.

Unfortunately, we do not need the Magic 8 Ball to dissect the anatomy of a cyber-attack nor do we need Nostradamus. Threat Actor groups work like a business.  There is leadership, there is funding, middle managers, supervisors, and those that do all the dirty work – the staff.

Where do these folks hang out? Where do they live? Do they have an office? The generally accepted approach is to hide in plain site; therefore, you may be living next door to a Threat Actor. They may be working on the floor above or below your legitimate office site. The point is Threat Actors are people just like you and I, but they choose to use their skills in a different way.

And onto the anatomy of a cyber-attack now that we know who these people may be.

A Closer Look To The Anatomy of Cyber-Attack


Reconnaissance comes in many forms.  It can be gained by purposely trying to understand your business more deeply to gain as much information (to be used against you) as possible. It can come from a phishing scheme (hope you did not fall for it) or it can come in the way of taking the time to understand the company habits, users, who are the admins, who leaves early, who leaves late, etc. By now, targets have been identified.


Clearly, the biggest cache of information will be the network devices themselves, so Network Administrators are heavily targeted with more phishing schemes, download this, and download that. Remember, these Threat Actors are smart and have been trained on how the human brain works (wants to work) and that we tend to “fill in” parts of everything we do vs. reading or seeing everything for what it is. It is this lapse of the brain filling in parts you skip over and BAM, fish on!


Once access has been gained to your systems, it is a race against the clock. Will you identify you have a Threat Actor in your system(s) or will the Threat Actor cloak themselves so they cannot be found? If you have not identified the Threat Actor, they will spread “the bad news” by any number of mechanisms, such as malware or ransomware to name two. Any Personally Identifiable Information (PII) available?  If so, it will be collected and used against each person or at least an attempt will be made against each person.


And as you would expect, the whole purpose of this attack is to collect the information and get a copy of it off the network and into the hands of the Cyber Actor Leadership. While being exfiltrated, the original data may be encrypted after the data copy has left the network.


This is the last step in the anatomy of a Threat Actor. The Threat Actors will remove any remnants of them being there and they will sanitize all that they can so that they can come back in a month, or a year later, and start the process again.

The Unanticipated Consequences of Cyber Attacks

A couple of things come out of this, and one is a SURPRISE and the other, well, it is a SURPRISE too.  Surprise #1 is you may be provided with evidence of the cyber-attack and be presented with a “fee” to recover all your data. Surprise #2 is you are not notified of anything, except every employee in the business will receive calls at home from the Threat Actors trying to trick them into buying things or services. It will become a “water cooler” topic of discussion.

Defending Against Threat Actors

While we are all frustrated over these Threat Actors, we can educate ourselves and stand-up barriers of defense within our networks to help thwart this kind of activity. Contact ION Technology Group today to learn more about the defenses that are available or if you are seeking annual Cyber Security Training, ION Technology is your stop. Contact ION at 1.856.719.1818 today.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

An image representation of "Living Off The land"What is credential stuffing and how to defend from it