When an organization says something like “targeted and professional”, you kinda have to take it with a grain of salt. Saying a hack was “sophisticated” or “professionally-done” or whatever minimizes the role of vulnerabilities in the organization’s infrastructure. Rather than “we fucked up leaving this massive hole in our security”, it’s “those professional hackers persevered night and day working to find even the tiniest chink in our practically-impenetrable armor”. Nine times out of ten, a “professional hack” actually means that the password for the super-critical system was “password” or the intern (or worse, ChatGPT) doesn’t know what “OS injection” means and no one actually does code reviews.