Unusual suspects

Nation state

Nation-state actors and criminals-with-licence from China and Russia, similar actors from the Five Eyes (make that many eyes), and adversaries from other nation states, all in it for information and profit.

These have virtually unlimited resources (from taxpayers), direct access (including by confiscating equipment) and, where that fails, a never-ending supply of exploits/backdoors (gifts that keep giving), anonymisation and C&C infrastructure, immunity from prosecution (laws are for subjects; they stand above them), and plausible deniability (lying). These adversaries believe it is their right/obligation/duty.

Digital crime gangs

Organised digital crime gangs, in it for profit. These too have virtually unlimited resources (from previous attacks), a never-ending supply of exploits/backdoors (gifts that keep giving) that they reverse engineer or copy, and lying.

Insiders

If you are defending an organisation, insiders working for either of the two groups above (for money), or simply unhappy people out for some (personal) revenge.

Anyone, really

If you have bitcoin and can click a link, you can be an adversary, thanks to Malware-as-a-Service (MaaS).

All of ‘em

In all cases, adversaries are highly motivated and/or conditioned, and are lying, including to themselves with “We do it for [insert reasons here]”.

In general, attackers are multiplying, diversifying their exploits, and making their attacks more targeted. Cybercrime organisations and nation-state offensive groups operate much more like traditional companies, with responsibilities, deliverables, and objectives. They quickly adopt new technologies, and have deep pockets from past attacks or from nation-state sponsors, which lets them experiment with and incorporate new technologies such as generative AI, making their attacks more complex and much harder to detect.

The distribution of attacks seems to have become more concentrated, with adversaries carrying out more targeted attacks using quickly adaptable and sophisticated playbooks (probably adopted from red teaming).