Final answer:
The incorrect statement regarding threat actors' use of PowerShell is that it has strong built-in security features. Instead, attackers use PowerShell due to its automation abilities, extensive system access, and difficulty in being detected in network traffic, not because it is inherently secure.
Step-by-step explanation:
The statement 'It has strong built-in security features' is not a reason that threat actors use PowerShell for attacks. PowerShell is a powerful scripting language which provides extensive access to system processes and allows for automation, making it a favorite tool for attackers. However, its use in attacks is not because it has strong built-in security features but rather because it is often trusted by system administrators and can evade traditional antivirus solutions by running scripts in memory. Additionally, it's native to Windows operating systems, and its integration with the Windows environment provides adversaries with the ability to maneuver stealthily. Moreover, the detection of PowerShell commands in network traffic can be difficult as it may blend with legitimate use by system administrators.