Security experts have observed that the line between financially motivated criminal activities and politically motivated nation-state threat activities grows increasingly blurred. Some cybercrime operations mix state and criminal cyber threat activity; for example, North Korean state-sponsored threat actors launched cryptocurrency heists to “illicitly generate revenue for the country.” Further blurring the lines between states and criminals, the cybercriminal ecosystem is complex and constantly evolving. The Natto Team and others have explored this ecosystem, particularly in relation to ransomware. Various threat actors can be found on online underground discussion forums and marketplaces: cybercriminals who offer an array of specialized services, from pentesters and initial access brokers, to malware developers, to translators, ransom negotiators, and even government relations specialists. A thriving market in hackers-for-hire and ransomware-as-a-service makes it possible for even un…