The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We believe this is no longer the case. In today’s landscape, there are groups that, although their modus operandi (MO) is consistent with crimeware groups, act like state sponsored groups. This poses new challenges to the defending organizations as these groups become more prevalent and dangerous which, depending on the organization’s risk profile, may require more attention.
In light of recent events, we believe it’s time to recognize that a new category can be defined, one where the ransomware syndicates enjoy some kind of protection from Governments, even if not intentionally. Therefore, Talos proposes the term “privateers” to describe actors who benefit either from government decisions to turn a blind eye toward their activities or from more material support, but where the government doesn’t necessarily exert direct control over their actions.
Source: CISCO Talos