As the cybersecurity lead for an international news agency, you are alerted by your threat...

Hacktivists are the most likely category because the scenario is driven by an ideological or political motive rather than direct financial gain. The attackers selectively accessed internal systems and leaked communications, then paired the leak with a manifesto accusing the agency of biased reporting. They also publicly claimed responsibility on social media and framed the intrusion as a fight against misinformation. In CEH-aligned terminology, hacktivism commonly involves unauthorized access, defacement, doxxing, or data leakage intended to influence public opinion, embarrass a target, or push a political or social agenda. The public messaging and justification are key indicators of hacktivist intent.

The other options do not fit as well. Script kiddies typically use ready-made tools with limited sophistication and usually do not produce coordinated ideological messaging or targeted, narrative-driven leaks. Black hat hackers are defined by malicious intent, but they are most commonly associated with theft for profit, extortion, fraud, or ransomware. This incident explicitly notes there was no ransomware and no financial tampering, reducing the likelihood that profit was the primary objective. White hat hackers operate with authorization and documented scope, and they do not leak sensitive whistleblower communications or publish manifestos.

Therefore, the combination of unauthorized access, selective exposure of sensitive information, and public ideological justification aligns most strongly with hacktivists.