As the security analyst for a financial institution, you uncover evidence of repeated access attempts on a user account during off-hours. Your investigation identifies that the attempts originate from a geographical location not sanctioned for any business operations. Which category of threat actor does this situation suggest is most likely involved?
An internal staff member attempting to access the network remotely with misconfigured settings
A threat actor external to the organization using targeted measures to compromise systems
A novice individual testing their ability to infiltrate a network without malicious intent
A case of shadow IT where individuals within the organization are using unapproved external services