Hacker News | hakantan's comments

hey, as one of the reporters writing the article, I'm intrigued, obviously :D


Leaving an email on your profile (the “about” field) might increase the chances of someone contacting you.


hey, maybe this is a story relevant to the crowd on this site.

(I've used the search function to see whether the link to the story was posted already, afaik it wasn't.)


Hi,

thought that this article might be of interest to some of the folks reading here. OceanLotus has been successfully targeting lots of companies and NGOs across sectors. I started zooming in on them after they hacked German car-maker BMW (https://www.tagesschau.de/investigativ/br-recherche/bmw-hack...). Wanted to have a look at some of the underlying infrastructure. And this is the result. Hope you'll enjoy it. If not, let me know what didn't work out in your view.

I've summarized the main findings in this thread on Twitter (https://twitter.com/hatr/status/1314170230009212929).


Hi. One of the authors of the article here. The plain article with information-only is over here: https://www.tagesschau.de/investigativ/ndr/winnti-101.html

We released a longer version, because we do hear very often that people don't understand how these intrusions are actually working. Also, we tried to show the scale.

-> both long form and shorter version

hope that helps.


Who was the target audience for the long-form article? It has some technical details, but they appear to be used more for decorative effect. E.g. the string daa0 c7cb f4f0 fbcf d6d1 from the hexdump is eventually revealed to correspond to C:\Windows, but isn't actually explained. I was able to come up with the following Python for the obfuscation: [hex((i + 153) ^ ord(c)) for i, c in enumerate(r'C:\Windows')] but most of your readers probably just see a jumble of letters and numbers they're told has some significance, but which appears incomprehensible to them.

Did you do testing with focus groups to determine whether the longer article helped people "understand how these intrusions are actually working" or whether it just made readers aware that they don't understand?
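The obfuscation worked out in the comment above, as an added example that is not part of the thread or of the linked repository: a rolling XOR decoder plus a known-plaintext search that recovers the key from an expected prefix such as C:\. The function names, the 8-bit key wrap-around and the variable step are assumptions; the comment's one-liner corresponds to a start value of 153 and a step of 1.

```python
# Added example: rolling XOR decoding and known-plaintext key recovery.
# Assumption: the key byte wraps modulo 256 and may advance by any fixed step.
SAMPLE = bytes.fromhex("daa0 c7cb f4f0 fbcf d6d1")  # bytes quoted in the comment


def rolling_xor(data: bytes, start: int, step: int = 1) -> bytes:
    """XOR byte i with (start + i*step) mod 256; the same call encodes and decodes."""
    return bytes(b ^ ((start + i * step) & 0xFF) for i, b in enumerate(data))


def find_rolling_key(buf: bytes, crib: bytes):
    """Slide a known plaintext (crib) over buf and return (offset, key, step)
    wherever the implied key stream advances by one constant step."""
    if len(crib) < 3:
        raise ValueError("crib needs at least 3 bytes to constrain the step")
    hits = []
    for off in range(len(buf) - len(crib) + 1):
        ks = [buf[off + i] ^ c for i, c in enumerate(crib)]
        step = (ks[1] - ks[0]) & 0xFF
        if all((ks[i + 1] - ks[i]) & 0xFF == step for i in range(len(ks) - 1)):
            hits.append((off, ks[0], step))
    return hits


def decode_from_crib(buf: bytes, crib: bytes):
    """Decode buf from every offset where the crib fits a rolling key."""
    return [rolling_xor(buf[o:], k, s) for o, k, s in find_rolling_key(buf, crib)]


if __name__ == "__main__":
    for off, key, step in find_rolling_key(SAMPLE, b"C:\\"):
        print(f"offset={off} key=0x{key:02x} step={step}")
    for plain in decode_from_crib(SAMPLE, b"C:\\"):
        print(plain.decode("ascii", errors="replace"))
```

A three-byte crib is the minimum that checks the step at all, so on large buffers a longer expected string cuts down on chance matches.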


This is a very good question. By now, there is a git repo (https://github.com/br-data/2019-winnti-analyse) for the more technical folks (includes yara, some scripts etc.)

We don't have focus groups, but we want to convey to our readers a certain understanding of how these operations work. What threat hunting is, why it is important and all that.

At some point you have to make certain decisions. One was not to explain what a rolling xor is. So yeah, we had to simplify a lot. The truth is, though, this stuff is hard for most people, myself included.

Hope that helps.


I didn't expect you to deliver a crash course that would allow even non-technical readers to understand all details, so I realize that you had to leave out a lot. That puts you in an awkward spot where your explanation probably creates more new questions than it answers.

Some news websites hesitate to put external links in their articles because they lead readers off the site, but I think they can be helpful to provide jumping-off points for the interested reader. For example, the git repository could be linked somewhere in the article, or as part of the "about the project" section at the end.

PS: The top-level comment of this thread was flagged and hidden, so most users won't see your replies here. You might want to post another top-level comment with the additional information you provided here, or maybe ask the mods via hn@ycombinator.com to make your replies visible.


> Some news websites hesitate to put external links in their articles because they lead readers off the site

For me, this is almost always a sign that they don't think that highly of their own content. If your content is great and you write engaging articles that are interesting to the reader, he will return. Trying to stop the reader from leaving, in a browser tab he can close at any time, is kind of ridiculous to me.


The graphics are a great addition. Seems like this is targeted towards a non-technical audience, but finally making an effort to explain what's going on technically like other STEM articles do from generic news sources. Nice job if you're an author.

