In the April 2022 edition of the White Paper Series, the Intelligence & Analysis Division examines state-sanctioned hacking groups, which can serve the objectives of nation-state adversaries, without explicit direction, while receiving safe haven and (likely) tacit approval from their host nation. Groups such as this were involved in the 2021 ransomware attack on Colonial Pipeline, as well as the defacing of a U.S. government website following the killing of a high-profile Iranian military leader by the U.S.