Examples of snooping that lack the ability to do a MITM attack:
1. Listening to an encrypted wifi session, then breaking the encryption offline
2. Tapping into undersea fiber (the listening party is going to have a hard enough time exfiltrating the snooped bytes; setting up a "take over" command and associated equipment is prohibitive due to both the technical and political risks)
3. Listening device inside a government facility. China famously does this for example by using a small office-supply firm to get equipment into a US facility somewhere is Asia; the copy machine has a hard drive like any copy machine and there's nothing suspicious about that, right? And then you find the second, and the third, and the fourth hard drive hidden in places you would never look. The data is exfiltrated only when the machine is replaced as part of a regular service contract.
Need I go on?