"These mercenary hacker groups range from small groups with little funding to specialty shops run by ex-government spooks, to highly financed criminal groups who use similar if not identical tactics to nation state actors. That they are rarely discovered is due in part to their skill level and in part to being misidentified as a state actor instead of a non-state actor if they are discovered."
Cue implications for attribution and sanctions — and the possibility that the Sony Pictures hack blamed on North Korea was actually the work of mercenaries, says Europol cybersecurity advisor Alan Woodward.
"It doesn't much signify whom one marries for one is sure to find out next morning it was someone else." -- Rogers