1.5 Threat actors & motivations
📘 CompTIA Security+ SY0-701
When we study cybersecurity threats, understanding why an attacker does something (their motivation) is just as important as understanding how they do it.
Knowing their motivation helps organizations:
- Predict possible attacks
- Strengthen defenses
- Prioritize responses
🔸 1. Data Exfiltration
Meaning:
This means stealing or removing sensitive data from a network, device, or system without authorization.
Purpose in IT context:
Attackers want to take valuable data such as:
- Customer information
- Employee records
- Intellectual property (like source code or product designs)
- Database files containing confidential data
Motivation:
The stolen data can be:
- Sold on the dark web
- Used for blackmail or extortion
- Given to competitors or foreign governments
Example in IT terms (not analogy):
A hacker gains access to a company’s cloud storage and secretly downloads copies of HR records or research documents.
🔸 2. Espionage
Meaning:
Espionage means spying on another organization, government, or business to collect confidential information.
Motivation:
The attacker wants to gain intelligence — for example:
- Corporate espionage: Stealing product designs, trade secrets, or business strategies
- Nation-state espionage: Gaining military or political intelligence
IT context:
- Using malware or advanced persistent threats (APTs) to remain hidden in the network
- Collecting data over time without being detected
Goal:
To gain long-term advantage — not necessarily to destroy anything, but to gather useful information quietly.
🔸 3. Disruption
Meaning:
The attacker’s goal is to interrupt or stop normal business operations.
Motivation:
They want to cause downtime, inconvenience, or loss of reputation for the target.
IT context:
- Launching DDoS (Distributed Denial of Service) attacks to flood servers and make websites unavailable
- Deploying ransomware that locks files and stops business activities
- Tampering with systems or networks to delay production or operations
Goal:
To make the target unusable or unreliable, even if no data is stolen.
🔸 4. Financial Gain
Meaning:
This is one of the most common motivations. The attacker carries out the attack to earn money.
Motivation:
They want direct or indirect financial profit.
IT context examples:
- Ransomware: Encrypting files and demanding payment for decryption
- Phishing: Stealing login credentials to access online banking or payroll accounts
- Selling stolen data: Credit card information, personal data, or corporate secrets
- Cryptojacking: Using someone’s system resources secretly to mine cryptocurrency
Goal:
To make money through illegal or unethical digital activity.
🔸 5. Revenge
Meaning:
A personal or emotional motivation, often caused by anger, unfair treatment, or termination.
Motivation:
An insider or ex-employee might want to harm the organization because they feel wronged.
IT context:
- Deleting or modifying important files
- Leaking confidential company information online
- Planting malicious code or backdoors before leaving the job
Goal:
To cause damage or embarrassment to the organization or specific individuals.
🔸 6. Chaos
Meaning:
Some attackers are motivated by the desire to cause confusion, disorder, or instability just for the sake of it.
Motivation:
They don’t necessarily want money or data — they enjoy disrupting systems and creating panic or uncertainty.
IT context:
- Randomly defacing websites
- Disabling services or deleting data without purpose
- Launching random attacks against networks just to test their power or create headlines
Goal:
To cause widespread confusion, making organizations or users lose trust in systems.
🔸 7. Political / Philosophical
Meaning:
This motivation is ideological — driven by beliefs, causes, or values.
Motivation:
The attacker (often called a hacktivist) wants to:
- Promote a political agenda
- Protest against an organization or government
- Expose wrongdoing (real or perceived)
IT context:
- Hacking a government or corporate website to post political messages
- Leaking confidential emails to expose actions they disagree with
- Disrupting online platforms they believe are unethical
Goal:
To influence public opinion, gain attention, or spread a message.
🔸 8. War (Cyberwarfare)
Meaning:
Cyberwarfare happens when a nation-state or government uses cyberattacks against another country.
Motivation:
To weaken, spy on, or damage another nation’s:
- Military systems
- Infrastructure (like power grids, communication networks, water supply systems)
- Economy or public trust
IT context:
- Attacking government or defense networks
- Infiltrating critical infrastructure control systems (SCADA/ICS)
- Disrupting communication channels during conflict
Goal:
To gain military or strategic advantage or to destabilize another nation.
🧩 Summary Table
| Motivation Type | Description | Typical IT Example | Goal |
|---|---|---|---|
| Data Exfiltration | Stealing sensitive data | Copying confidential files | Sell or use stolen data |
| Espionage | Secretly collecting information | Hiding malware to monitor systems | Gain intelligence advantage |
| Disruption | Interrupting operations | DDoS, ransomware | Stop business or service |
| Financial Gain | Earning money | Phishing, ransomware | Profit |
| Revenge | Personal retaliation | Insider deleting data | Harm organization |
| Chaos | Causing disorder | Random system attacks | Create panic/confusion |
| Political/Philosophical | Promoting beliefs | Hacktivism, leaking data | Influence public opinion |
| War | State-sponsored cyberattacks | Attacking critical infrastructure | Strategic or military dominance |
🧠 Exam Tip:
In the Security+ SY0-701 exam, you may be asked:
- To identify the attacker’s motivation based on a scenario.
  Example: If an employee leaks company data after being fired → motivation = revenge.
- To differentiate between espionage and data exfiltration — espionage is ongoing spying, while exfiltration is the actual act of taking data.
- To connect motivations to threat actors (e.g., nation-states → war/espionage, hacktivists → political/philosophical, insiders → revenge).
✅ Key Takeaways:
- Motivation drives the attack method.
- Different motivations → different targets and techniques.
- Recognizing motivation helps design better defenses.
