A cybercriminal is an individual who commits cybercrimes — criminal acts that involve information technologies (IT) either as a means or as a target. Cybercriminal activities include data theft, identity theft and fraud, online scams, spreading malware (including ransomware), denial-of-service attacks, and cybervandalism.
In popular culture, the term “cybercriminal” is often used synonymously with “hacker,” but that is not always correct. Cybercriminals are criminals first — their actions are explicitly against the criminal law. While many hackers are cybercriminals, others work within the law as cybersecurity consultants and penetration testers.