Cyber Mercenaries: A New Threat to National Security

The use of cyber weapons by both state and non-state actors is steadily increasing, as these tools are recognized as effective and cost-efficient means of achieving political objectives and generating disruption. In response to this growing demand, cyber mercenaries—skilled hacker groups who offer their services for hire—have emerged as key players in the cyber threat landscape. Such groups are often contracted not only for their technical expertise but also to provide plausible deniability and obscure attribution for sponsoring states or organizations seeking to conceal their involvement. This paper examines two prominent examples of cyber mercenary groups. Project Raven, composed of former NSA operatives hired by the United Arab Emirates, was responsible for developing the “Karma” iPhone iMessage exploit. The Shadow Brokers gained notoriety for stealing and reselling cyber weapons, including zero-day exploits, from major intelligence agencies. Tools leaked by the Shadow Brokers were instrumental in the execution of the WannaCry and NotPetya attacks, which caused widespread global damage.