CYBER ESPIONAGE (APT)
If you can read French, I have written a book about cyberespionage, available on Amazon or in French libraries.
Thanks to my editor, Editions Eyrolles.
They wrote about it:
Cyber-Securite.fr
Cybertactique
Stéphane Bortzmeyer
M82 Project
This page lists all public cyberespionage (APT) publications I’ve worked on over time.
2024
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
(in collab with Jaromir Horejsi)
Full paper
Journalists about it: Decipher – The Hacker News
—
Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
(in collab with Jaromir Horejsi)
Full paper
Journalists about it: Taipei Times – Candid Technologies – Security Online – IT Daily
2022
Delving Deep: An Analysis of Earth Lusca’s Operations
Summary – Full paper
(in collab with Joseph C Chen, Kenney Lu, Gloria Chen, Jaromir Horejsi, Daniel Lunghi)
2021
Void Balaur and the Rise of the Cybermercenary Industry
Summary – Full paper
(in collaboration with Feike Hacquebord)
Journalists about it: Forbes – Le Monde – Le Figaro – 20 Minutes – The Hacker News – Threat Post – TechTarget – CSO Online – BleepingComputer – The Record – DarkReading – India Times
2020
Operation DRBControl – Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia
Summary – Full paper
(in collaboration with Daniel Lunghi, Kenney Lu, and Jamz Yaneza)
Journalists about it: BleepingComputer – CyberSecurityHelp
2019
Summary – Full paper
(in collaboration with Feike Hacquebord)
Journalists about it: Financial Post – CyberSecurity Europe – Intelligent CISO
—
Obfuscated APT33 C&Cs Used for Narrow Targeting
Full research
(in collaboration with Feike Hacquebord & Kenney Lu)
Journalists about it: ZDNet – Threat Post – DarkReading – SecurityWeek – TechRadar – Binary Defense – CyberScoop – Infosecurity Magazine – CybersecurityHelp – GBHackers
—
New SLUB Backdoor Uses GitHub, Communicates via Slack
Full research
(in collab with Elliot Cao, Jaromir Horejsi, Joseph C Chen, William Gamazo Sanchez)
Journalists about it: ZDNet – SecurityWeek – BleepingComputer – Security Intelligence – The Register – Le Monde Informatique – HackRead – TechCentral
2017
Untangling the Patchwork Cyberespionage Group
Summary – Full paper
(in collaboration with Daniel Lunghi, Jaromir Horejsi)
Journalists about it: SecurityWeek
—
Winnti Abuses GitHub for C&C Communications
Full research
(in collaboration with CSS Team)
Journalists about it: InfoWorld
2015
Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors
Full paper
(in collaboration with Ziv Chang, Kenney Lu, Aaron Luo, Jay Yaneza)
Journalists about it: Forbes – SecurityWeek – TripWire – Infosecurity Magazine
—
The Spy Kittens Are Back: Rocket Kitten 2
Full paper
(in collaboration with Eyal Sela, ClearSky)
Journalists about it: SecurityWeek – SCMagazine – The Register – DarkReading – Softpedia – CyberSecurityIntelligence
—
Operation Woolen Goldfish – When Kittens Go Phishing
Summary – Full paper
(in collaboration with Kenney Lu)
Journalists about it: SecurityWeek – CyberDefenseMagazine – SpamFighter – HelpNetSecurity
2014
Operation Pitty Tiger – “The Eye of the Tiger”
Full paper
(in collab with Fabien Perigaud, Ronan Mouchoux, David Bizeul)
Journalists about it: HelpNetSecurity – SecurityWeek – InCyber – Zataz