It appears that the group has divided into multiple subgroups that are not necessarily of the same technical sophistication. This can be observed through the many documented examples of bad practices coming from these ‘frontline’ groups that execute social engineering attacks when compared to the more sophisticated post-exploitation techniques applied in some of these known hacks.