"These mercenary hacker groups range from small groups with little funding to specialty shops run by ex-government spooks, to highly financed criminal groups who use similar if not identical tactics to nation state actors. That they are rarely discovered is due in part to their skill level and in part to being misidentified as a state actor instead of a non-state actor if they are discovered."
Cue implications for attribution and sanctions — and the possibility that the Sony Pictures hack blamed on North Korea was actually the work of mercenaries, says Europol cybersecurity advisor Alan Woodward.
Given its constituency, the only thing I expect to be "open" about [the Open Software Foundation] is its mouth. -- John Gilmore