Mod 07 · Adversary Ecosystem
Six archetypes. One ladder.
Threat actors come in stable archetypes — long-lived shapes that outlast specific group names, campaigns, and CVEs. The capability ladder runs from automated opportunists (most of the volume) up to nation-state operators (the smallest set, the most patient). Insiders sit outside the ladder: they're authorized, which is why they don't need any of it.
Tier 0
Opportunistic / commodity
5 relevant defenses
Open →
Tier 1
Commodity ransomware / RaaS affiliates
5 relevant defenses
Open →
Tier 2
Hacktivist / ideological
4 relevant defenses
Open →
Tier 3
Organized cybercrime
5 relevant defenses
Open →
Tier 4
Nation-state / APT
6 relevant defenses
Open →
Insider
Insider (malicious + negligent)
5 relevant defenses
Open →