If you can read French, I have written a book about cyberespionage, available on Amazon or in French libraries.
Thanks to my editor, Editions Eyrolles.

This page lists all public cyberespionage (APT) publications I’ve worked on through time.


Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
(in collab with Jaromir Horejsi)
Full paper
Journalists about it: Taipei Times – Candid Technologies – Security Online – IT Daily


Delving Deep: An Analysis of Earth Lusca’s Operations
Summary – Full paper
(in collab with Joseph C Chen, Kenney Lu, Gloria Chen, Jaromir Horejsi, Daniel Lunghi)


Void Balaur and the Rise of the Cybermercenary Industry
Summary – Full paper
(in collaboration with Feike Hacquebord)
Journalists about it: Forbes – Le Monde – Le Figaro – 20 Minutes – The Hacker News – Threat Post – TechTarget – CSO Online – BleepingComputer – The Record – DarkReading – India Times


Operation DRBControl – Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia
Summary – Full paper
(in collaboration with Daniel Lunghi, Kenney Lu, and Jamz Yaneza)
Journalists about it: BleepingComputer – CyberSecurityHelp


Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
Summary – Full paper
(in collaboration with Feike Hacquebord)
Journalists about it: Financial Post – CyberSecurity Europe – Intelligent CISO

Obfuscated APT33 C&Cs Used for Narrow Targeting
Full research
(in collaboration with Feike Hacquebord & Kenney Lu)
Journalists about it: ZDNet – Threat Post – DarkReading – SecurityWeek – TechRadar – Binary Defense – CyberScoop – Infosecurity Magazine – CybersecurityHelp – GBHackers

New SLUB Backdoor Uses GitHub, Communicates via Slack
Full research
(in collab with Elliot Cao, Jaromir Horejsi, Joseph C Chen, William Gamazo Sanchez)
Journalists about it: ZDNet – SecurityWeek – BleepingComputer – Security Intelligence – The Register – Le Monde Informatique – HackRead – TechCentral


Untangling the Patchwork Cyberespionage Group
Summary – Full paper
(in collaboration with Daniel Lunghi, Jaromir Horejsi)
Journalists about it: SecurityWeek

Winnti Abuses GitHub for C&C Communications
Full research
(in collaboration with CSS Team)
Journalists about it: InfoWorld


Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors
Full paper
(in collaboration with Ziv Chang, Kenney Lu, Aaron Luo, Jay Yaneza)
Journalists about it: Forbes – SecurityWeek – TripWire – Infosecurity Magazine

The Spy Kittens Are Back: Rocket Kitten 2
Full paper
(in collaboration with Eyal Sela, ClearSky)
Journalists about it: SecurityWeek – SCMagazine – The Register – DarkReading – Softpedia – CyberSecurityIntelligence

Operation Woolen Goldfish – When Kittens Go Phishing
Summary – Full paper
(in collaboration with Kenney Lu)
Journalists about it: SecurityWeek – CyberDefenseMagazine – SpamFighter – HelpNetSecurity


Operation Pitty Tiger – “The Eye of the Tiger”
Full paper
(in collab with Fabien Perigaud, Ronan Mouchoux, David Bizeul)
Journalists about it: HelpNetSecurity – SecurityWeek – InCyber – Zataz