Analysis updated 2026-05-18
Research the history of a specific state-sponsored hacking group like Lazarus or Sandworm
Find published reports on a particular cyberattack campaign by year
Use the companion data repository to work with the report index programmatically
| kbandla/aptnotes | apple/tensorflow_macos | archestra-ai/archestra | |
|---|---|---|---|
| Stars | 3,654 | 3,653 | 3,653 |
| Language | — | Shell | TypeScript |
| Setup difficulty | easy | moderate | hard |
| Complexity | 1/5 | 3/5 | 4/5 |
| Audience | researcher | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
It is a link index, not software, each entry opens an external document.
APTnotes is a collection of publicly available security research reports about APT campaigns, organized by year. APT stands for Advanced Persistent Threat, a term used in the security industry to describe sophisticated, often state-sponsored groups that conduct targeted attacks against governments, corporations, and critical infrastructure. The reports cover groups linked to many countries, including North Korea, China, Russia, and Iran, and their activities against targets around the world. The repository does not contain code or software. It is a curated index of links pointing to PDFs and documents hosted externally, mostly on Box.com. Each entry is a dated link to a published report from a security firm or government agency. The reports describe specific attack campaigns: who was targeted, what tools were used, and how the attackers operated. The list is sorted in reverse chronological order, starting from 2023 and going back to the early days of public APT research. Hundreds of reports are catalogued across more than a decade of documented activity. Entries cover well-known groups like Lazarus (North Korea), Sandworm (Russia), Mustang Panda and OilRig (China and Middle East-linked), and many others that appear only once or twice in the public record. A companion data repository exists at github.com/aptnotes/data to make the index easier to work with programmatically. New reports can be submitted as GitHub issues there. The main APTnotes repository functions as a human-readable reference and discovery point, not a tool for automation. If you are a researcher, journalist, or analyst trying to understand the history of sophisticated cyber campaigns, this collection is a starting point. It does not analyze the reports or summarize them itself. Each link takes you to an external document you read on your own. The full README is longer than what was shown.
APTnotes is a curated, year-sorted index of links to publicly published research reports on state-sponsored cyberattack campaigns.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.