Hackers occupy a special place in the modern imagination: hooded figures bathed in screenlight, masters of tech’s darkest arts, computer wizards casting spells of code, capable of cracking even the most heavily guarded systems.
The truth is a lot more mundane. Most hackers are pretty average. They have a few stock techniques and quickly move on if they fail after a few tries. The real worry lies further up the black hat hierarchy.
Advanced threat actors, persistent attackers, active adversaries — whatever the label, they’re the hacker elite, with the skills and stamina to try, try again and keep going ‘til they win.
Think of them as the dark web’s crime commandos: trained, experienced, resourceful, and committed to the task. To them, breaching defenses and exfiltrating data is a professional and personal challenge. They’re the ones that keep CSOs up at night.
Who are they, how do they operate, and how can firms fight back against the most dangerous class of A-list attackers?
Key Takeaways
- Hacking, it seems, is everywhere. But not all threats are created equal.
- An elite group of highly-trained, highly-skilled hackers continues to evolve and extend its influence.
- Elite hackers are becoming more capable, more professional, and more innovative.
- Defending against them requires an approach that can match their rising levels of ingenuity.
Who Are the Top Hackers, and How Did They Get So Good?
Kayla Underkoffler, Lead Security Technologist at HackerOne, told Techopedia that elite hackers are a diverse group “spanning from tech-savvy teenagers to seasoned adults.” That makes it difficult to compile a generic profile, but she points to US cybersecurity industry demographics as a guide.
“We can make an educated guess that the majority are male,” she says. “Operating globally, (they) are often associated with regions in Eastern Europe, Asia, the Middle East, and in countries like Russia, China, North Korea, and Iran where threat actors may also receive government support or protection; however, they can be based anywhere around the world.”
They sometimes work independently, sometimes as part of organized crime groups, and sometimes as employees of nation-state actors.
Motivations run from the ideological to the commercial. What’s interesting is how elite hacking has matured, mimicking the legitimate business ecosystem its targets operate in.
A ‘Threat Community’
For example, there’s a clear public-sector/private-sector split. Michal Salat, Threat Intelligence Director at Gen (owners of Norton, Avast, and AVG), says:
“Advanced threat actors can be divided into two groups: State-sponsored and Commercial. While state-sponsored attackers are likely working either as contractors or full-time employees, commercial attackers might do the criminal activity as a side gig to a day job in IT.”
Salat says analysis of Telegram channels and Open Source Intelligence (OSINT) related to user handles shows that commercial elite hackers are often system administrators or programmers in their daily jobs.
They bring a high level of professionalism and organization to the role, including a clear division of labor.
“Commercial actors are operating as a business not dissimilar to a traditional software engineering company,” he adds. “There are specific jobs within the threat community like developers, QA testers, security testers/pentesters, researchers as well as customer support and marketing.”
Underkoffler says elite hackers can be “self-taught, hone skills through online forums, or they may receive a more structured cybersecurity education through university or military programs.”
How Elite Hackers Operate
Who’s in the crosshairs? David Emm, Principal Security Researcher at Kaspersky, tells Techopedia that in 2024, elite hackers are still focused on targets in financial services, government, and critical infrastructure, but there’s been “a noticeable shift towards more sophisticated ransomware and state-sponsored activities aimed at disruption and espionage.
“Real-world conflicts have not only seen the involvement of state-sponsored actors but also hacktivists and criminal gangs taking sides, which complicates the threat landscape significantly. These groups utilize cyberattacks as a means to influence public opinion, disrupt enemy infrastructure, and fund their operations.”
Gen’s Salat points to a shift in emphasis from pure ransomware to data exfiltration: “The threat of publishing internal data seems to be more effective than encryption, even though in both cases the victim has to rely on the cybercrook honoring the deal. There is also a growing branch of infostealers that have drastically increased research in the past few months.”
One interesting development he notes is a change in approach, where some top-tier hackers avoid full frontal assaults and adopt a Malware as a Service (MaaS) model instead, where the work is outsourced to others “who take care of the distribution, payments and such.”
Adapting and Innovating
Like every other tech category, elite hacking is also being reshaped by AI. “It allows for more effective and stealthy attacks,” says Emm. The use of generative AI is also on the rise, “helping to automate attacks and craft more convincing phishing campaigns.”
A recent HackerOne survey found that a third of US companies have already experienced an AI security incident, suggesting artificial intelligence has become both a weapon — and a target.
But it’s not all about cutting-edge tech. Traditional business concerns about cost-effectiveness and ROI also shape how elite hackers approach their work. They employ a strategic mix of technologies and methods to initiate their attacks, often using readily available tools to infiltrate and assess target environments.
“This approach allows them to save their more sophisticated, custom-developed malware for later stages once they have identified high-value targets,” says Emm. “By using common criminal tools first, they reduce the risk of their advanced tool sets being detected and ‘burnt,’ which would render these assets less effective and waste the significant investment made in their development.”
At least one elite hacking group is working to carve out its own specialism. Greg Lesnewich, senior threat researcher at Proofpoint, told Techopedia the firm is keeping a close watch on TA427, part of the North Korean group broadly known as Kimsuky.
“(TA427) has established itself as a social engineering expert,” he says, noting the group is finding creative ways to undermine DMARC whitelisting and make its campaigns look more legitimate. “This isn’t something we commonly see.”
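DMARC is the defender-side control the group above is described as working around, and a policy that merely monitors gives an impersonation campaign far more room than one that enforces. As an added example (not code from Proofpoint or the article), the following parses a DMARC TXT record and lists the settings that keep it short of full enforcement. The domain names and records are constructed samples.

```python
"""Assess how strictly a DMARC record is enforced.

Added example, not from the article or any vendor quoted in it. The
records are constructed samples under placeholder domains; a real check
would resolve the TXT record at _dmarc.<domain> first."""

# Constructed sample records keyed by placeholder domain names.
SAMPLE_RECORDS = {
    "monitor-only.test": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.test",
    "partial.test": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "enforcing.test": "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                      "rua=mailto:dmarc@enforcing.test",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return findings that weaken the policy; an empty list means fully enforcing."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":  # presence check only; RFC also requires it first
        return ["invalid: record lacks v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: failures are reported but never blocked")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or '<missing>'}: unrecognised or missing policy")
    pct = tags.get("pct", "100")  # the default is 100 percent of messages
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains are exempt from the policy")
    if "rua" not in tags:
        findings.append("no rua: aggregate reports are not being collected")
    for tag in ("adkim", "aspf"):  # alignment defaults to relaxed when absent
        if tags.get(tag, "r").lower() != "s":
            findings.append(f"{tag}=r: relaxed alignment also accepts subdomains")
    return findings
```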
How Businesses Can Defend Against Top Hackers
Elite hacking has become a kind of alternative professional service, demonstrating an ability to innovate and adapt while also adopting traditional business practices and organizational principles. How can organizations defend themselves against such a mature and capable adversary?
1. Blend Proactive and Reactive Tactics
HackerOne’s Underkoffler says penetration testing and red team exercises “are critical to systematically exploring possible security gaps and weaknesses within the attack surface and escalating any issues for remediation.”
Additionally, she says ongoing application testing via bounty programs provides another layer of defense. Enlisting ethical hackers to discover and address security flaws can balance the scales, as they constitute an elite of their own, one that’s “just as creative, diverse, and experienced, which helps them identify weaknesses.”
2. Be Ready to Restore and Rebuild
On a more sobering note, Gen’s Michal Salat says battling elite hackers is tricky:
“It is virtually impossible to defend against a highly motivated state-sponsored threat actor because they are capable of deploying personalized, one-of-a-kind, and previously unseen attacks. With these types of threats, the best defense is being prepared in case of an attack: backing up all data and having a crisis plan in place in case an attack occurs.”
“Elite hackers’ ability to engage in lateral attacks also points to the need for a zero-trust architecture with good network segmentation,” adds Salat. “A properly set up and monitored antivirus with behavioral analysis can also help identify attackers faster, while identity-aware firewalls can reduce the impact.”
3. Implement a Cybersecurity Training Program
“Creating a cybersecurity awareness training program empowers employees to recognize and mitigate potential threats, reducing the risk of insider incidents,” adds Underkoffler.
“Addressing vulnerabilities listed in the OWASP Top 10 and utilizing various CVE databases, such as CISA’s KEV, ensures organizations stay ahead of emerging threats by implementing best practices and swiftly patching known vulnerabilities.”
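Putting the KEV advice above into practice means regularly matching the catalog against what an organization actually runs. As an added example (not code from HackerOne, CISA or the article), the following loads a KEV-format feed, matches it against an asset inventory and ranks the hits by ransomware use and CISA due date. The feed excerpt, vendor names and CVE IDs are constructed placeholders.

```python
"""Cross-reference an asset inventory against a CISA KEV-format feed.

Added example, not from the article or CISA. The feed excerpt and the
inventory are constructed: field names follow the public KEV JSON feed,
but the CVE IDs are placeholders. A real run would load CISA's published
JSON instead of SAMPLE_KEV."""
import json
from datetime import date

# Constructed KEV-style excerpt with placeholder CVE IDs (not real CVEs).
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "AcmeNet", "product": "Edge Gateway",
     "dueDate": "2024-01-22", "knownRansomwareCampaignUse": "Known",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleCorp", "product": "Widget Server",
     "dueDate": "2024-03-22", "knownRansomwareCampaignUse": "Unknown",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "Unused Product",
     "dueDate": "2024-03-07", "knownRansomwareCampaignUse": "Unknown",
     "requiredAction": "Apply updates per vendor instructions."},
]})

# Constructed inventory: (vendor, product) as an asset register might record them.
SAMPLE_INVENTORY = [("acmenet", "edge gateway"), ("ExampleCorp", "Widget Server")]


def load_kev(feed_json: str) -> list:
    """Parse a KEV feed document and return its vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def match_inventory(entries: list, inventory: list, today: date) -> list:
    """Return KEV entries affecting inventoried products, most urgent first.

    days_left counts to CISA's due date (negative means overdue)."""
    wanted = {(v.lower(), p.lower()) for v, p in inventory}
    hits = []
    for e in entries:
        if (e["vendorProject"].lower(), e["product"].lower()) not in wanted:
            continue
        hits.append({
            "cve": e["cveID"],
            "days_left": (date.fromisoformat(e["dueDate"]) - today).days,
            "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
            "action": e["requiredAction"],
        })
    # Ransomware-linked entries first, then the soonest (or most overdue) due date.
    hits.sort(key=lambda h: (not h["ransomware"], h["days_left"]))
    return hits
```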
4. Take Advantage of Threat Intelligence
Kaspersky’s David Emm says firms need to continually gather and analyze intel about emerging or existing threat actors and their tactics, techniques, and procedures (TTPs).
“By understanding the landscape of threats and anticipating potential security breaches, organizations can tailor their defensive strategies more effectively and stay one step ahead of highly-skilled attackers.”
Lure of the Lawless Life
Whether it’s for revenue, rebellion, revolution, ego gratification or the cachet of being initiated into a secret society, elite hacking has an outlaw attraction.
Uber-hacker turned white hat Kevin Mitnick once said he was addicted to hacking “for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.
“I was living like a character out of a movie. It was performance art.”
With those kinds of deep-seated personal motivations at play, it’s no wonder elite hackers continue to frustrate and confound cybersecurity experts — who sometimes fall victim themselves.
The best defense posture continues to be acting like a breach isn’t a matter of if, but when.
References
- Kayla Underkoffler – Lead Security Technologist – HackerOne (LinkedIn)
- Cyber Security Analyst demographics and statistics in the US (Zippia)
- Michal Salat (Twitter)
- David Emm (Securelist)
- Survey: One Third of U.S. Companies Polled Experienced an AI Security Incident in the Last Year (HackerOne)
- Greg Lesnewich (LinkedIn)
- MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws (The Hacker News)