thought that this article might be of interest to some of the folks reading here. OceanLotus has been successfully targeting lots of companies and NGOs and across sectors. I started zooming in on them after they hacked german car-maker BMW (https://www.tagesschau.de/investigativ/br-recherche/bmw-hack...). Wanted to have a look at some of the underlying infrastructure. And this is the result. Hope you'll enjoy it. If not, let me know, what didn't work out in your view.
We don't have focus groups, but we want to convey to our readers are certain understanding how these operations work. What threat hunting is, why it is important and all that.
At some point you have to make some certain decisions. One was not to explain what a rolling xor is. So yeah, we had to simplify a lot. The truth is, though, this stuff is hard for most people, myself included.
We released a longer version, because we do hear very often that people don't understand how these intrusions are actually working. Also, we tried to show the scale.