A cyber adversary gains access to user accounts / services for espionage purposes.
A denial of service attack which disrupts the victim's operations.
An attacker wipes disks or deploys encryption against target computers solely for disruptive or destructive purposes.
Adversaries distribute malware such as infostealers or banking trojans in order to profit financially.
Exploitation of vulnerabilities in order to obtain initial access to victims for potential future use - such as strategic compromise or onward sale.
Attacking an organisation or individual and publishing details or data for infamy or personal pride.
Attacking an organisation or individual and publishing details or data to achieve political or personal aims.
An adversary interacts with industrial control systems or operational technology in order to adversely affect operations.
Attackers gain access to a network or infrastructure to enable espionage operations (typically including theft of data) in the short or long term.
Use of phishing emails to obtain victim credentials.
An attack with a public impact (such as website defacement or social media account takeover) intended to damage the reputation of the victim.
Ransomware deployed by financially motivated actors in order to extort a victim for financial gain.
Compromising a supplier to enable onward access into their customers' environments.
Use of social engineering (for example, through 'phishing' or 'vishing') against employees in order to get the victim organisation to transfer money.
Use of social engineering (for example, through 'phishing' or 'vishing') against individuals in order to get the victim to transfer money or share financial details.
Modifying distributed software to gain access to the environments of its users.
An attacker steals data in order to extort the victim or sell it on.