The threat associated with nation-state-backed hacking groups has been well-researched and chronicled in recent times, but there’s another, equally dangerous set of adversaries that’s operated comparatively in the shadows for years.
These are hack-for-hire groups that specialize in breaking into systems and stealing email and other data as a service. Their clients can be private investigators, law firms, business rivals, and others that don’t have the capabilities to carry out these attacks on their own. Such cyber mercenaries often openly advertise their services and target any entity of interest to their clients, unlike state-backed advanced persistent threat (APT) actors, which tend to be stealthy and have specific missions and a tight target focus.