Most APTs companies are already dealing with are either directly state-sponsored or state-permitted as has been seen with tr fairly common Cyrillic, Simplfied Chinese, and Hebrew keyboard checks that have become fairly common in offensive payloads, so the division you are making has been nonexistent for decades.
This is just a tacit admission of a practice that has been occurring under the radar for years now.
Anyway, it's actually bad if there's been a problem for years, and the way it becomes widely known is by Authority(TM) legitimizing it instead of trying to stamp it out.
Russia, China, India, Singapore, Israel, South Korea, and Japan don't cooperate on stamping out these kinds of operations. Even EU states likes Italy, Czechia, Poland, Hungary, and Greece have continued to allow these kinds of organizations to operate and proliferate capabilities, so much so that the European Parliament attempted an investigation that was promptly ignored by those states because "national security" falls under national sovereignty.
When it's morals versus national security, national security always wins, and no country will leave capabilities unused in the interest of maintaining a moral high-ground.
> the way it becomes widely known
It has been widely know in the security industry for years.
This is just a tacit admission of a practice that has been occurring under the radar for years now.