> So far there have been zero APT attacks traced back to inside jobs.
That means we're not finding them, not that they don't exist.
Considering how easy it is to create plausible external attack vectors from the inside, I would be surprised if it didn't exist.
As you said, intelligence agencies have had people on the inside of important organisations since forever. That's what they do. It's not like everyone decided inside access is useless, it's more likely it has become easier to not burn insiders by them having to work hands on.
That means we're not finding them, not that they don't exist.
Considering how easy it is to create plausible external attack vectors from the inside, I would be surprised if it didn't exist.
As you said, intelligence agencies have had people on the inside of important organisations since forever. That's what they do. It's not like everyone decided inside access is useless, it's more likely it has become easier to not burn insiders by them having to work hands on.