A logic bomb is a malicious code segment hidden inside legitimate software that triggers under specific conditions (dates, system states, user actions). Because logic bombs require direct access to source code or the development environment, the most likely attacker is a trusted insider—especially a disgruntled developer or administrator with the ability to modify internal applications.
Security+ SY0-701 emphasizes that insider threats have:
- Elevated access
- Knowledge of internal systems
- Ability to manipulate production code
- Motivation driven by revenge, termination, or personal grievances
These factors make insiders uniquely capable of embedding logic bombs into internally developed applications.
Nation-state actors (A) typically target critical infrastructure or advanced espionage, not internal business apps. Organized crime groups (C) seek financial gain and generally do not have internal code access. Hacktivists (D) focus on ideological disruption, typically through external attacks, not internal code manipulation.
Thus, the threat actor most likely to plant a logic bomb in internal software is B: Trusted insider.