An Attacker is an individual, group, organization, or government that executes an attack. Not to be confused with a vulnerability. An attack in the physical world might be someone who jumps out of the bushes to rob you with a knife. Whether you are vulnerable to the threat (the actor holding a knife) depends on whether you have significant martial arts experience. If you are a Black belt in Karate, you might not be vulnerable to the threat. If the threat is a gun instead of a knife, perhaps you become vulnerable.
In the same way, online threats are hacker organizations. They hack with many different tools and methods. Whether you are vulnerable depends upon you and your company’s preparations. Are your systems patched? Do you train and govern your staff on common attack methods so they can be spotted and deleted before causing a problem?
Synonym: Threat, Threat Actor
Source: Barnum & Sethi (2006), NIST SP 800-63 Rev 1