r/HowToHack 16d ago

How much of it is actually state sponsored?

I have enough minimal knowledge to understand that successfully getting into enterprise systems at scale consistently is something that less than about 0.01% even have the capacity and understanding to begin trying to do. Sometimes I like to read about recent high-level hacks/leaks/campaigns, and I often find it interesting how much of what is reported at face value comes from what supposed threat actors, who likely have never been completely IDed in any real way, say on high-traffic black hat or data leak forums. The NPD "hack and leak", if you can call it that, involved one of the largest datasets of unique SSNs (upwards of 250m). It came from a supposed data broker operation, a one-man job running off of 5 servers, 2 laptops and a PC out of a home office in Florida. The keys to the servers and dataset were stored on public domains in plain text. The dataset passed through three "threat actors" before it inexplicably ended up leaked without any of these "financially motivated" cybercriminals leveraging the insane dataset for monetization: USDoD, Fenice and STUX. All of this information comes from correspondences from and between these accounts on BreachForums. The whole thing seems very, very strange.

How much of what goes on in the black hat realms that appears to be grassroots, decentralized networks operating loosely or unaffiliated unicorns is actually state-sponsored operations of one kind or another?

2 Upvotes
