Absolutely not an abstract example, which I observed with my own eyes :)
An ordinary working day. The head of the IT department runs into the security director's office with a very ... expressive face :) "Some people came there, they show the ksivs."
The director exits.
A few law enforcement officers, easily recognizable by their fireproof closet athletic bodies, a middle-aged dude in an almost informal outfit ("expert"), and several boys and girls interns. All in civilian life. No one puts their face on the floor, everything is extremely polite.
Exceptionally politely, everyone was advised to leave the offices and go out into the corridor. Boys and girls watched the process. Then one of the employees goes with the administrator to the server room, and the rest - they come up to each computer in turn and the "expert" looks - what kind of software is installed there. Everything is rewritten.
JFYI, the "expert" knew what Linux was :) When he sat down at my computer, he immediately said "There's nothing to do here, Linux is here" :)
They took and took away a couple of computers. There is an assumption that we will not see them again. Users of these computers and administrators tore hair on the priest - there were developments not synchronized with the server and a lot!
After that, the director was called four times "for a chat" and the admins were given the go-ahead to purchase licenses with unlimitedbudget (
that
was a year ago.

Several non-abstract examples.
At one of the previous jobs, the same bosses were very frivolous about such things, they demanded to quack Photoshop and kemeat Windows, they say, what will happen to us, we are cool, we have everything under control.
Then it turned out that the bosses would be captured for one very sensitive place and I had to very urgently purchase software from MS and Adobe for several million rubles. Got thank you letters from them lol. There was nothing for the admins, for the enikeys (performers), too, the company was fined, no one was imprisoned. The firm is large. Oh big.
At another job, they also installed cracked Windows without unnecessary torment, but there on the MAC server there was the required number of licenses. The company is average.
Similarly - in government offices, they bought 1C faces and immediately grunted, pusho with such a freak was easier to grunt than to suffer with the keys. Windows from torrents, Offices too. Quiet and smooth, no one cares.
Moral: large firms will be caught, medium-sized ones can be if they struggle, and small and state offices have nothing to fear, too small a catch.

The persecution of a particular administrator or IT specialist is complicated by the fact that it is necessary to prove in some way that the subject had income from the installation of this software.
Thus, with sellers of disks or emergency computer help, everything is more or less clear. There is a fact of benefit or it is easy to "draw". And here if there is no "installation of illegal software" in the duties or in the reason for the promotion - alas.
Well, or if funds are not allocated for the purchase of software, and the IT bastard does not put a leftist