An individual or group responsible for malicious activity. Investigators may classify threat actors by capability and motive, and may correlate behaviors, infrastructure, tooling, language patterns, and operational timelines to connect incidents and support attribution.