Uncover gaps in your Microsoft Identity Security.
Book an identity exposure gap analysis today.
Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得
詳細を見る
Hamburger icon top line
Hamburger icon middle line
Hamburger icon bottom line

Understanding Threat Actors

Knowing your enemies to understand their behaviors and better protect your company.

Threat actors are individuals or groups that conduct malicious activities to exploit vulnerabilities and compromise the security of systems, networks, or data. Understanding the nature, motivations, and methods of threat actors is crucial for SOC analysts to effectively defend against cyber threats.

Threat Actors
Ransomware GroupsAPTsHacktivists
Tools used
Information gatheringRemote accessFile transferCredential theftCommand & ControlMiscellaneous

List of Threat Actors

Who is targeting you?

Ransomware Groups
APTs
Hacktivists

Ransomware Groups

Ransomware groups are organized cybercriminal entities that specialize in ransomware attacks. While these groups typically employ many similar sophisticated tactics, techniques, and procedures to compromise systems, encrypt data, and extort victims for financial gain, they also have their own specific methods and strategies.

8base

ALPHV Blackcat

Akira

BianLian

Black Basta

Blacksuit

Brain Cipher

Cicada3301

Lockbit

Medusa

PLAY

Pryx

RA Group

RansomHub

Rhysida

Advanced Persistent Threats (APTs)

Advanced Persistent Threats (APTs) are organized cybercriminal entities or state-sponsored groups that specialize in prolonged and covert cyberattacks.

While these groups commonly employ sophisticated tactics, techniques, and procedures to infiltrate and maintain unauthorized access to target systems, exfiltrating sensitive data over extended periods, they also possess unique methods and strategies tailored to their specific objectives and targets.

APT29

Lazarus Group

Hacktivists

Hacktivist groups are organized entities that use hacking techniques to promote political agendas or social causes. While these groups often employ similar sophisticated tactics, techniques, and procedures to compromise systems, deface websites, and disrupt services, they also have their own specific methods and strategies tailored to their particular objectives and messages.

Hacktivists profiles will be available shortly.

MITRE ATT&CK TTPs

Threat Actors' most used techniques

Ransomware Groups

Ransomware groups are organized cybercriminal entities that specialize in ransomware attacks. While these groups typically employ many similar sophisticated tactics, techniques, and procedures to compromise systems, encrypt data, and extort victims for financial gain, they also have their own specific methods and strategies.

TA0001: Initial Access
T1078: Valid Accounts
T1190: Exploit Public-Facing Application
T1566: Phishing
TA0002: Execution
T1059: Command and Scripting Interpreter
TA0003: Persistence
T1136: Create Account
T1078: Valid Accounts
TA0004: Privilege Escalation
T1484: Domain Policy Modification
TA0005: Defense Evasion
T1070: Indicator Removal
T1112: Modify Registry
T1562: Impair Defenses
TA0006: Credential Access
T1003: OS Credential Dumping
T1552: Unsecured Credentials
TA0007: Discovery
T1018: Remote System Discovery
T1082: System Information Discovery
TA0008: Lateral Movement
T1021: Remote Services
TA0009: Collection
T1560: Archive Collected Data
TA0011: Command & Control
T1071: Application Layer Protocol
TA0010: Exfiltration
T1048: Exfiltration Over Alternative Protocol
T1567: Exfiltration Over Web Service
TA0040: Impact
T1486: Data Encrypted for Impact
T1490: Inhibit System Recovery
T1657: Network Denial of Service

Tools & Techniques

Tools used by Threat Actors

Most used

Information gathering

Remote access

File Transfer

Credential theft

Command & control

Miscellaneous
Active Directory information gathering

AdFind

Collecting details about AD environments for analysis and security assessments
Network scanning

Advanced IP Scanner

Locating IP addresses and network resources
Active Directory analysis

Bloodhound

Finding potential exploitation paths in AD environments
Network testing

Microsoft Nltest

Testing and troubleshooting network issues
System monitoring

PCHunter64

Monitoring and analyzing system activities
Process monitoring

Process Hacker

Monitoring and managing processes and services
Remote desktop application

AnyDesk

Secure remote connections and support
Remote management

Fleetdeck.io

Monitoring and managing distributed teams
Project management

Level.io

Collaborating and managing projects online
Remote monitoring and management

Pulseway

Managing IT infrastructure remotely
Remote support

Screenconnect

Providing remote assistance and support
Remote desktop access

Splashtop

Accessing desktops and applications remotely
Remote monitoring and management

Tactical.RMM

Managing IT infrastructure remotely
Remote control and support

Teamviewer

Providing remote access and support
BITS transfer management

BITSAdmin

Managing Background Intelligent Transfer Service tasks
FTP client

FileZilla

Secure file transfers
Cloud synchronization

MEGA Ltd MegaSync

Syncing files with cloud storage
Cloud storage management

Rclone

Managing files on cloud storage services
File compression

WinRAR

Compressing and decompressing files
SFTP and FTP client

WinSCP

Secure file transfers between local and remote systems
Password retrieval

LaZagne

Extracting stored passwords from applications
Credential extraction

Mimikatz

Extracting plaintext passwords and other security secrets from Windows
Web vulnerability scanning

Nekto / PriviCMD

Scanning web applications for vulnerabilities
Privilege escalation auditing

WinPEAS

Finding possible local privilege escalation paths on Windows

What is your Attack Exposure Gap?

This gap analysis aims to help organizations understand their threat exposure even with endpoint controls in place, and what actions can be taken to address the risks.

Download the Research Report
Take the assessment