"These mercenary hacker groups range from small groups with little funding to specialty shops run by ex-government spooks, to highly financed criminal groups who use similar if not identical tactics to nation state actors. That they are rarely discovered is due in part to their skill level and in part to being misidentified as a state actor instead of a non-state actor if they are discovered."
Cue implications for attribution and sanctions — and the possibility that the Sony Pictures hack blamed on North Korea was actually the work of mercenaries, says Europol cybersecurity advisor Alan Woodward.
"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell