Types of Threat Actors (Adversaries) | AP Cybersecurity
Types of Threat Actors: Script Kiddies, Hacktivists, Insiders & More
Topic 2.1 asks you to identify types of adversaries and their motivations. Knowing who is attacking, and why, helps predict what they will target and how they will behave.
The five adversary types
Script kiddies are low-skilled and use tools built by others without understanding them, often for recognition or money. Hacktivists are driven by social, political, or personal causes and attack to support that cause. Insider threats are dangerous because they already have legitimate credentials and access; they may act out of greed or revenge, or be recruited.
Cyberterrorists aim to disrupt communities or nations, often targeting infrastructure like power grids or water systems. Transnational criminal organizations seek financial gain, usually through ransomware and stealing intellectual property to sell.
An employee with valid logins copies sensitive files to sell to a competitor. Which adversary type?
An insider threat. The danger is that they already have legitimate access, so they bypass many external defenses. The motive here is greed.
Map motive to type: cause = hacktivist, financial gain = criminal organization, disruption of infrastructure = cyberterrorist, legitimate access = insider, borrowed tools = script kiddie.
Why the distinction matters
Different adversaries justify different defenses. Insider threats call for least-privilege access and monitoring; criminal organizations call for ransomware-resistant backups; cyberterrorists shift the defensive focus to critical infrastructure.
Knowing the likely adversary shapes your risk assessment, which is the next concept in this unit.
A group defaces a company website to protest its policies. Which adversary type and motive?
Hacktivists, motivated by a social or political cause. They attack to advance the cause rather than for direct financial gain.
Insider risk tops breach reports
Industry breach studies consistently find that a large share of incidents involve an insider or a stolen-but-legitimate credential. That is why insiders are treated as a distinct, serious adversary.
Insiders bypass external defenses because they already have access.
Key Terms
| Term | Definition |
| --- | --- |
| Script kiddie | A low-skilled attacker using others' tools. |
| Hacktivist | An attacker driven by a social or political cause. |
| Insider threat | An attacker with legitimate credentials and access. |
| Cyberterrorist | An attacker aiming to disrupt communities or infrastructure. |
| Criminal organization | A profit-driven group using ransomware and IP theft. |
Common Mistakes
Underestimating script kiddies
Low skill does not mean low impact; borrowed tools can still cause real damage.
Forgetting insiders have access
Insider threats already hold credentials, so external defenses miss them.
Confusing hacktivists with criminals
Hacktivists are cause-driven; criminal organizations are profit-driven.
Assuming all attackers want money
Motives vary: cause, revenge, recognition, and disruption are all real.