This one is a bit more complicated, but is probably the most sophisticated sort of cyberspying. Oftentimes organizations holding very confidential data don't connect the computers holding this information to the internet. Instead, these devices are considered air-gapped. This means they are completely isolated from any external networks.
This may seem like an impossible thing to hack into, but it turns out there is a way. If a spy wants to get this data, they are able to implant a small device onto the computer that infects the closed-off network with a malware. Then, this malware can collect data on the infected network and send it via radio signals that every computer video card automatically generates.
And here's where it gets even crazier: People's smartphones can work as the way to deliver this data. So if someone with a mobile phone is nearby, they can unwittingly receive data sent from the device to the mobile phone via FM waves and then send that data to a hacker.
To set this up would require both getting the malware onto the air-gapped computers, as well as infecting a mobile phone to receive this data. But it's not impossible, and it's likely a variation of this method that the well-known Stuxnet worm was first implanted.