BAE says that think tanks are attractive targets because they have an unusual combination of a high level of trust among the participants with relatively low resources for defense.
In a video with James Hatch, Director of Cyber Services at BAE Systems Applied Intelligence, the attacks against think tanks are described in more details:
Attackers want to access think tank network for two purposes: Firstly, they are interested in the conversations and policy discussions that go on within those organization, and secondly, they are interested in using them as staging posts to attack major corporations and government departments. They'll do this either by compromising email infrastructure to be able to set up spearfishing attacks or by compromising websites to be able to set up watering hole attacks.
We recently investigated an attack on a major think tank where their website was compromised. The compromise was undertaken using an exploit that had only been publicly known about for a few days. Anyone who accessed the website would have had software downloaded on their machine that would have given a toehold to the attackers. Given the nature of that think tank, most of the people accessing that website would have been doing so from the machines of major corporations. We traced the attack group to be a nation-state with a particular interest in commercial espionage.
In other words, think tanks could very likely be exposing your business to cyber attacks and espionage.
As Think Tank Watch has reported, during the past few years, it has been publicly (and privately) disclosed that nearly every major US think tank has been hacked. Besides attacks on Heritage and Urban Institute, Think Tank Watch has documented hacks on think tanks such as the Aspen Institute, Brookings, American Enterprise Institute (AEI), Center for American Progress (CAP), Council on Foreign Relations (CFR), and Center for Strategic and International Studies (CSIS).