Comment by Moosdijk

Google "NSA TAO" -- Tailored Access Operations. AIUI, among other things they're responsible for developing, discovering, and weaponizing exploits used to access high value targets -- sometimes through fun techniques like "Quantum Insert", a sort of faster-man-in-the-middle attack. The wealth of exploits released in the equation group hack should put all doubts to rest.

There's a market for exploits that pays pretty well. Someone is throwing millions of dollars at them, and from what we can glean from investigations, leaks and whistle blowers, it's states that are buying them. One company in that space made world-wide news[1] by selling to governments.

[1] https://en.wikipedia.org/wiki/Hacking_Team

The whole NSA leaks thing proved it. They had a tool built for exploiting windows boxes which was leaked and converted in to the ransomware WannaCry which spread globally a few years ago.

The NSO Group, the Israeli team behind the Pegasus iOS spyware, have been accused of selling it to the UAE government.

https://www.haaretz.com/middle-east-news/.premium-with-israe...

Interview with a nation state hacker for TAO at NSA.

https://podcasts.apple.com/us/podcast/darknet-diaries/id1296...

I believe they described their toolbox as metasploit on steroids. Some other episodes of darknet diaries also interview former and current government hackers.

Who do you think the customers of ZDI, Zerodium, Azimuth and others are?

https://en.wikipedia.org/wiki/EternalBlue