-
lines between private hacker groups and state sponsored hacking have been very blurry for a long time
From direct experience and knowledge of some individuals working on state things... this is very very true.
A lot of state sponsored activity is outsourced to third parties to create a plausible air gap between the activity and the state in question. The third parties are given a lot of freedom to do things that states couldn't legally do.
If I actually met anyone for a beer any time soon I'd share some of this stuff, but it's not for posting on the public internet.
The gist: The gov do not have the best tools, people, skills, abilities here... but they do have deep pockets and the ability to turn the other way... so the people they hire are the infosec people who walk a very very fine line between landing themselves in jail, working at high tech startups, and speaking at defcon.
-
A lot of state sponsored activity is outsourced to third parties to create a plausible air gap between the activity and the state in question. The third parties are given a lot of freedom to do things that states couldn't legally do.
And sometimes then get hired by the targets to figure out what happened.
The lines between private hacker groups and state sponsored hacking have been very blurry for a long time. Its essentially a new cold war filled with agents and double agents.