There’s a popular misconception about what hackers look like. Most laypeople picture hackers as the Hollywood-ified nerdy computer genius or geek in a hoodie. Even security professionals might assume bad actors usually come from strong computer science or technical backgrounds.

But there’s a new ransomware trend that’s challenging this stereotype. With malicious tools like Ransomware-as-a-Service (RaaS), hackers can now take different shapes and sizes, allowing anyone from a seasoned hacker in a ransomware group to a disgruntled former employee to breach security systems.

As RaaS widens the threat landscape, understanding different types of hackers and their unique motivations is more critical than ever for third-party risk management (TPRM) programs. Once security teams crack the nut behind what motivates bad actors, they can put in protections to secure the assets that might prompt malicious hackers to attack.

Top Motivations for the Most Common Hackers: Black, White, and Gray Hat

Cybercriminals put a lot of thought and pre-planning into their attacks. So, the key to stopping those attacks is knowing what motivates them in the first place.

In most cases, hackers are motivated by the following:

  • Money.
  • Reputation.
  • Personal or political beliefs.

But there’s no one-size-fits-all motivation for the variety of bad actors moving through today’s threat landscape. That’s why we’ve created this quick-hit list of the most common different types of hackers out there.

Let’s start with the three primary types of hackers: Black hat, white hat, and gray hat. Each color is directly associated with the hacker’s motivation for hacking. Understanding if they’re dealing with black, white, or gray hat hackers can give security teams a good idea of what level of threat (if any) they’re dealing with.

Black Hat Hackers

Black hat hackers are the classic bad actors. They’re hacking without authorization and specifically with malicious intent. Their motivations include pursuing personal gain, causing harm, or causing chaos. 

Black hat actors are cybercriminals conducting illegal activities like stealing sensitive information, breaching digital supply chains, and distributing malware. They’re also the types of hackers that are typically responsible for creating RaaS. But keep in mind, a black hat hacker doesn’t have to be a computer science genius or even a creator of RaaS to be black hat.

Examples of infamous black hat hackers include:

  • Conti, a ransomware group that claimed responsibility for dozens of attacks in 2020. It operated using a RaaS attack model — meaning Conti would pay “affiliates” to deploy its ready-made ransomware. After a 2022 data leak revealed sensitive information on the crime syndicate’s structure, Conti shut down central operations and re-emerged as smaller, disparate groups.
  • LockBit, another ransomware group that aggressively attacked the U.K.’s Royal Mail in 2023. It also operates on a RaaS attack model.
  • Kevin Mitnick, a bad actor in the 80s and 90s who hacked dozens of major corporations, ended up serving jail time and now runs his own security firm.

White Hat Hackers

White hat hackers, also known as ethical hackers, are the “good guys” of hacking. Organizations authorize white hat hackers (typically on a contract basis) to breach their security systems to test and strengthen their cybersecurity defenses. 

White hat hackers use the same techniques as black hat hackers to mimic the circumstances of a real breach — but they use these methods to identify vulnerabilities without taking advantage of them. That way, organizations can fix these vulnerabilities before malicious actors exploit them.

Remember, white hat hackers are not considered cybercriminals. Ethical hacking is a legitimate profession with certifications and guidelines for ethical conduct. White hat hackers often engage in conferences and meet-ups with other ethical hackers to keep their skills sharp and up-to-date.

One popular white hat conference is DEF CON. Cybersecurity professionals, ethical hackers, and tech enthusiasts from all over the world attend this annual event. Events like DEF CON promote knowledge sharing among white hat hackers, ultimately improving security practices across the industry.

For example, ethical hackers can participate in the Capture the Flag (CTF) competition at DEF CON. CTF challenges participants to solve various cybersecurity problems and exploit vulnerabilities in a controlled environment. This event allows ethical hackers to collaboratively innovate new ways to tackle top-of-mind security issues and improve security practices across the entire industry. It helps white hat hackers develop more effective ways of defending against malicious attacks.

Gray Hat Hackers

Gray hat hackers are a little more complicated. They live in a moral gray area regarding the motivations fueling their attacks.

Grey hat hackers may exploit vulnerabilities without permission, but their intentions are not always malicious. Sometimes, gray hat hackers will disclose the vulnerabilities they find in the target organization to that organization. However, they might also request a fee or recognition for discovering security weaknesses.

Why do gray hat hackers decide to launch a breach? Their motivations can include several subjective, personal factors:

  • Curiosity: Gray hat hackers may desire to explore systems and networks, test their skills, and learn from their successful hacks. That endless curiosity may push them to identify and exploit vulnerabilities without permission.
  • Recognition: Some gray hat hackers might seek recognition and validation for their skills within the larger cybersecurity community. They may believe that conducting a successful breach and identifying prime vulnerabilities will help them gain the respect of their peers.
  • Financial gain: Money talks. Gray hat hackers may want to monetize their skills by identifying vulnerabilities and then offering to remediate them for a fee. They could also profit by selling information about security flaws to other parties, including the affected organization or third-party security firms.
  • Altruism: Gray hat hackers might genuinely want to help organizations improve their security standing — and think they’re bettering the cyber community by identifying exploitable vulnerabilities.

Although gray hat hacking can sometimes lead to improved security, it’s still ethically (and legally) suspect due to the lack of authorization from the target organization. It’s like your neighbor weeding your garden without them asking first.

Other Types of Hackers

Within the black-white-gray hat trifecta are several other kinds of hackers with more specific motivations that organizations should be aware of.


Hacktivists use their hacking skills to promote a political or social cause. They often target organizations, governments, or individuals they perceive as unethical, oppressive, or otherwise morally objectionable.

Their methods include defacing websites, launching Distributed Denial of Service (DDoS) attacks, or leaking sensitive information to expose perceived wrongdoings.

Hacktivists can be solo actors (like Julian Assange) or part of a larger, more nebulous group (like Anonymous). Some famous examples of real-life hacktivist events include:

Malicious Insiders or Whistleblowers

Malicious insiders or whistleblowers are a growing concern for organizations and their cybersecurity professionals. These individuals have legitimate access to an organization’s systems, data, or information, so their attacks may take a different shape. They often use their authority to cause harm, leak information, or expose wrongdoing.

Malicious insiders can be motivated by a litany of factors — such as personal grievances, financial gain, or ideological beliefs. While malicious insiders or whistleblowers may disclose information with the intention of altruistic good (i.e., exposing illegal or unethical practices), their actions can significantly damage the organization’s digital or even physical security.

Real-life examples of malicious insiders include:

  • Jack Texeira, a U.S. Air National guardsman who shared classified Pentagon assets to a Discord server in 2023.
  • Chelsea Manning, a former U.S. Army soldier who disclosed sensitive military documents to WikiLeaks in 2013.
  • Edward Snowden, a former National Security Agency (NSA) contractor who leaked highly classified NSA information in 2013.

State- or Nation-Sponsored Hackers

Attacks launched by state- or nation-sponsored hackers can cause geopolitical turmoil. These hackers work on behalf of a government or nation-state to conduct several cyber operations, including espionage, sabotage, or misinformation campaigns. 

Their targets typically include other nations — but they might also attack organizations or individuals for political gains. State-sponsored hackers’ goals typically range from gathering critical intelligence for their state’s benefit to causing economic or political damage.

Some popular nation-sponsored hacks include:

Keep Friends Close and Your Enemies Closer

Innovations with RaaS, methods of exploitation, and changes in the geopolitical sphere have transformed the threat landscape. Knowledge about the different types of hackers helps security teams respond swiftly and efficiently to potential threats before they even hit.

To incorporate that knowledge into their TPRM programs, organizations should:

  • Tailor their risk assessments to consider specific threats posed by different hacker types, including probable financial impact.
  • Establish processes for ongoing monitoring and evaluation of third-party security measures.
  • Provide training and awareness programs for both internal employees and third-party vendors to foster a strong education on the various types of hackers and how to recognize them.

When building out a strong TPRM program, it’s best to “keep your friends close and your enemies even closer.” The better security teams know their enemies, the better they can take action to stop bad actors in their tracks.

Want to know more about how the different types of hackers make moves to breach your organization?

Read on to find out how they target the weakest link in your digital supply chain.