Credit: Oscar alexander CC-BY-SA-3.0 https://creativecommons.org/licenses/by-sa/3.0/deed.en
Consider this past question from an "ethical hacking" certification posted on itexamanswers.net 1 :
Which threat actor term describes a well-funded and motivated group that will use the latest attack techniques for financial gain?
- hacktivist
- state-sponsored attacker
- organized crime
- insider threat
The question describes the threat actor as follows:
- The threat actor is a group of, presumably, people
- They're well-funded
- They're motivated
- They use the latest attack techniques
- They desire financial gain
A hacktivist, a horrible portmanteau of hack and activism, in the examiners head is likely underfunded and doesn't desire financial gain. 2 Never mind that the term activism intends to delegitimize people's political when someone selectively calls a person activist when they don't agree with that person's opinion. Let's rule out hacktivist then.
A state-sponsored attacker can seek financial gain. This can happen directly or indirectly. State-sponsored groups performing espionage can create financial gain for a country when they steal trade secrets. The sponsoring state likely compensates them well for their work: a direct financial gain. Let's call this a yes then.
What about organized crime? If they manage their finances right, they may be well-funded. They need more finances, so they desire financial gain. It's questionable whether they use the latest attack techniques. If the examiner thinks that the OWASP Top 10 classify as latest attack techniques, then organized crime are a yes for this question.
Lastly, consider an insider threat. They may be well-funded and are perhaps receiving money from an outside group. Who's to say that they're not using the latest attack techniques? They may desire financial gain for all we know. Let's call this a yes for this question, too.
Too bad that this question isn't a multiple-choice question. Here's the "correct" answer:
organized crime
The author on itexamanswers.net explains:
Several years ago, the cybercrime industry took over the number-one spot for the most profitable illegal industry, attracting a new type of cyber-criminal. Organized crime goes where the money is. It consists of very well-funded and motivated groups that will typically use any of the latest attack techniques to gain access to information systems.
Perhaps the author wants to evoke the image of wealthy ransomware gangs in your mind6. At the same time, state-sponsored attacks provide a steady income to North Korea. The U.S. Department of the Treasury alleges that North Korea-affiliated attackers stole over 3 billion USD in mostly cryptocurrency between 2022 and 2025.3
I find little value in cybersecurity education if it merely teaches you outdated trivia that never leaves room for nuance. I doubt that the companies trying to fill their 750,000 cybersecurity roles 4 need workers armed with boring information morsels. Then again, I doubt that these 750,000 roles exist in the first place or that these companies offer salaries high enough to motivate workers to fill these roles.
You're likely to attain more worthwhile knowledge by purchasing a second-hand wireless router, dumping the firmware, and finding a null-pointer dereference bug.5
-
Which threat actor term describes a well-funded and motivated group that will use the latest attack techniques for financial gain? on itexamanswers.net from Oct 11, 2023 ↩
-
You'd think someone being underfunded means that they're interested in having more finances to do their activism ↩
-
Treasury Sanctions DPRK Bankers and Institutions Involved in Laundering Cybercrime Proceeds and IT Worker Funds home.treasury.gov. Nov 4, 2025 ↩
-
Cybersecurity Workforce Shortage: A Comprehensive 2025 Study acsmi.org ↩
-
Which I've done: Security Advisory on Null pointer Dereference Vulnerability on TP-Link TL-WR841N (CVE-2025-9014) from Jan 15, 2026 ↩
-
Or perhaps I've listened to too much Darknet Diaries last year. ↩