Matthijs R. Koot
@cyberwar.nl
IT, privacy, security, democracy. PhD. PGP: 51F9 8FC9 C92A 1165 (http://keybase.io/mrkoot). Employed as IT security specialist.
Mastodon: @mrkoot@infosec.exchange
LinkedIn: /in/mrkoot
Mastodon: @mrkoot@infosec.exchange
LinkedIn: /in/mrkoot
What WeChat Knows: Pervasive First-Party Tracking in a Billion-User Super-App Ecosystem (August 2025) petsymposium.org/popets/2025/...
By Wang et al., presented at PET Symposium 2025. Open Access.
Artifacts available at @citizenlab.ca’s GitHub: github.com/citizenlab/w...
By Wang et al., presented at PET Symposium 2025. Open Access.
Artifacts available at @citizenlab.ca’s GitHub: github.com/citizenlab/w...
August 15, 2025 at 3:40 PM
What WeChat Knows: Pervasive First-Party Tracking in a Billion-User Super-App Ecosystem (August 2025) petsymposium.org/popets/2025/...
By Wang et al., presented at PET Symposium 2025. Open Access.
Artifacts available at @citizenlab.ca’s GitHub: github.com/citizenlab/w...
By Wang et al., presented at PET Symposium 2025. Open Access.
Artifacts available at @citizenlab.ca’s GitHub: github.com/citizenlab/w...
Taiwan Bounty: PRC Cross-Agency Operations Target Taiwanese Military Personnel (25 July 2025) jamestown.org/program/taiw...
Guangzhou Public Security Bureau issued “wanted” notice offering reward for information leading to apprehension of 20 retired and active personnel in Taiwan’s ICEFCOM command.
Guangzhou Public Security Bureau issued “wanted” notice offering reward for information leading to apprehension of 20 retired and active personnel in Taiwan’s ICEFCOM command.
July 26, 2025 at 4:41 PM
Taiwan Bounty: PRC Cross-Agency Operations Target Taiwanese Military Personnel (25 July 2025) jamestown.org/program/taiw...
Guangzhou Public Security Bureau issued “wanted” notice offering reward for information leading to apprehension of 20 retired and active personnel in Taiwan’s ICEFCOM command.
Guangzhou Public Security Bureau issued “wanted” notice offering reward for information leading to apprehension of 20 retired and active personnel in Taiwan’s ICEFCOM command.
Schrijver, P. (2025). Ukrainian Intelligence’s Use of Telegram in Wartime. International Journal of Intelligence and CounterIntelligence, 1–27 doi.org/10.1080/0885...
Published online 8 July 2025.
Published online 8 July 2025.
July 19, 2025 at 6:13 AM
Schrijver, P. (2025). Ukrainian Intelligence’s Use of Telegram in Wartime. International Journal of Intelligence and CounterIntelligence, 1–27 doi.org/10.1080/0885...
Published online 8 July 2025.
Published online 8 July 2025.
“Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published.” nitter.poast.org/midwestneil/...
CISA: End-of-Train and Head-of-Train Remote Linking Protocol (10 July 2025): www.cisa.gov/news-events/...
CISA: End-of-Train and Head-of-Train Remote Linking Protocol (10 July 2025): www.cisa.gov/news-events/...
July 12, 2025 at 6:23 PM
“Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published.” nitter.poast.org/midwestneil/...
CISA: End-of-Train and Head-of-Train Remote Linking Protocol (10 July 2025): www.cisa.gov/news-events/...
CISA: End-of-Train and Head-of-Train Remote Linking Protocol (10 July 2025): www.cisa.gov/news-events/...
The Chinese Communist Party’s influence over businesses (11 March 2025) kinacentrum.se/en/publicati...
Report (.pdf, 69 pages) www.ui.se/globalassets...
From the Swedish National China Centre (NKK), commissioned by Sweden’s MoD. Co-authored by Oscar Almén (FOI) and Hanna Carlsson (NKK).
Report (.pdf, 69 pages) www.ui.se/globalassets...
From the Swedish National China Centre (NKK), commissioned by Sweden’s MoD. Co-authored by Oscar Almén (FOI) and Hanna Carlsson (NKK).
May 17, 2025 at 5:32 PM
The Chinese Communist Party’s influence over businesses (11 March 2025) kinacentrum.se/en/publicati...
Report (.pdf, 69 pages) www.ui.se/globalassets...
From the Swedish National China Centre (NKK), commissioned by Sweden’s MoD. Co-authored by Oscar Almén (FOI) and Hanna Carlsson (NKK).
Report (.pdf, 69 pages) www.ui.se/globalassets...
From the Swedish National China Centre (NKK), commissioned by Sweden’s MoD. Co-authored by Oscar Almén (FOI) and Hanna Carlsson (NKK).
Cyber Threat Intelligence meets the Analytic Tradecraft (Dec 2024) doi.org/10.1145/3701... Open Access
'we present [a] framework aiming at [how] the quality of CTI can be improved through such a combination of traditional intelligence analysis and CTI'
In ACM Trans. on Privacy and Security 28:1.
'we present [a] framework aiming at [how] the quality of CTI can be improved through such a combination of traditional intelligence analysis and CTI'
In ACM Trans. on Privacy and Security 28:1.
February 5, 2025 at 7:49 AM
Cyber Threat Intelligence meets the Analytic Tradecraft (Dec 2024) doi.org/10.1145/3701... Open Access
'we present [a] framework aiming at [how] the quality of CTI can be improved through such a combination of traditional intelligence analysis and CTI'
In ACM Trans. on Privacy and Security 28:1.
'we present [a] framework aiming at [how] the quality of CTI can be improved through such a combination of traditional intelligence analysis and CTI'
In ACM Trans. on Privacy and Security 28:1.
Finnish Military Intelligence Review 2025 (7.5MB .pdf, January 2025, 48 pages) puolustusvoimat.fi/documents/19...
"[...] This third published [review] describes Finland’s military operating environment & developments in that environment, as well as [the] Finnish Defence Intelligence (FDI). [...]"
"[...] This third published [review] describes Finland’s military operating environment & developments in that environment, as well as [the] Finnish Defence Intelligence (FDI). [...]"
February 3, 2025 at 3:03 PM
Finnish Military Intelligence Review 2025 (7.5MB .pdf, January 2025, 48 pages) puolustusvoimat.fi/documents/19...
"[...] This third published [review] describes Finland’s military operating environment & developments in that environment, as well as [the] Finnish Defence Intelligence (FDI). [...]"
"[...] This third published [review] describes Finland’s military operating environment & developments in that environment, as well as [the] Finnish Defence Intelligence (FDI). [...]"
Commercially sourced intelligence: friend or foe? (2024) doi.org/10.1080/0268...
Authors: Vivi Ringnes Berrefjord (Norwegian Institute for Defence Studies) and Tor Erling Bjørstad (mnemonic AS).
Published online 24 December 2024 in Intelligence and National Security (INS).
Open access.
Authors: Vivi Ringnes Berrefjord (Norwegian Institute for Defence Studies) and Tor Erling Bjørstad (mnemonic AS).
Published online 24 December 2024 in Intelligence and National Security (INS).
Open access.
December 25, 2024 at 12:50 PM
Commercially sourced intelligence: friend or foe? (2024) doi.org/10.1080/0268...
Authors: Vivi Ringnes Berrefjord (Norwegian Institute for Defence Studies) and Tor Erling Bjørstad (mnemonic AS).
Published online 24 December 2024 in Intelligence and National Security (INS).
Open access.
Authors: Vivi Ringnes Berrefjord (Norwegian Institute for Defence Studies) and Tor Erling Bjørstad (mnemonic AS).
Published online 24 December 2024 in Intelligence and National Security (INS).
Open access.
New US DOD report:
Military and Security Developments Involving the People’s Republic of China 2024 (9MB .pdf, 182 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
China Military Power Report (CMPR) Fact Sheet (0.2MB .pdf, 2 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
Military and Security Developments Involving the People’s Republic of China 2024 (9MB .pdf, 182 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
China Military Power Report (CMPR) Fact Sheet (0.2MB .pdf, 2 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
December 18, 2024 at 4:12 PM
New US DOD report:
Military and Security Developments Involving the People’s Republic of China 2024 (9MB .pdf, 182 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
China Military Power Report (CMPR) Fact Sheet (0.2MB .pdf, 2 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
Military and Security Developments Involving the People’s Republic of China 2024 (9MB .pdf, 182 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
China Military Power Report (CMPR) Fact Sheet (0.2MB .pdf, 2 pages, 18 December 2024) media.defense.gov/2024/Dec/18/...
Something to Remember Us By: Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed (5 December 2024) citizenlab.ca/2024/12/devi... at @citizenlab.ca
December 5, 2024 at 2:14 PM
Something to Remember Us By: Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed (5 December 2024) citizenlab.ca/2024/12/devi... at @citizenlab.ca
Direct link to report (28MB .pdf, November 2024, 26 pages) go.recordedfuture.com/hubfs/report...
November 30, 2024 at 12:56 PM
Direct link to report (28MB .pdf, November 2024, 26 pages) go.recordedfuture.com/hubfs/report...
Joint statement by the Foreign Ministers of Finland and Germany on the severed undersea cable in the Baltic Sea (18 November 2024) www.auswaertiges-amt.de/en/newsroom/...
More: edition.cnn.com/2024/11/18/e...
More: edition.cnn.com/2024/11/18/e...
November 19, 2024 at 7:56 AM
Joint statement by the Foreign Ministers of Finland and Germany on the severed undersea cable in the Baltic Sea (18 November 2024) www.auswaertiges-amt.de/en/newsroom/...
More: edition.cnn.com/2024/11/18/e...
More: edition.cnn.com/2024/11/18/e...
Navigating the Landscape of Misinformation and Disinformation: An In-Depth Examination of Existing Frameworks (29 October 2024) www.newamerica.org/future-secur...
November 12, 2024 at 1:25 PM
Navigating the Landscape of Misinformation and Disinformation: An In-Depth Examination of Existing Frameworks (29 October 2024) www.newamerica.org/future-secur...
Principles for state approaches to commercial cyber intrusion capabilities (October 2024) www.chathamhouse.org/2024/10/prin...
Direct link to research paper (1MB .pdf, 41 pages): www.chathamhouse.org/sites/defaul...
Direct link to research paper (1MB .pdf, 41 pages): www.chathamhouse.org/sites/defaul...
October 31, 2024 at 9:44 AM
Principles for state approaches to commercial cyber intrusion capabilities (October 2024) www.chathamhouse.org/2024/10/prin...
Direct link to research paper (1MB .pdf, 41 pages): www.chathamhouse.org/sites/defaul...
Direct link to research paper (1MB .pdf, 41 pages): www.chathamhouse.org/sites/defaul...
Cyber Effects in Warfare: Categorizing the Where, What, and Why (2024) tnsr.org/2024/08/cybe...
By Jason Healey. Published in Texas Nat'l Security Review, Vol 7, Issue 4, Fall 2024.
Novel framework to assess offensive cyber ops based on circumstances of use across different phases of war.
By Jason Healey. Published in Texas Nat'l Security Review, Vol 7, Issue 4, Fall 2024.
Novel framework to assess offensive cyber ops based on circumstances of use across different phases of war.
August 27, 2024 at 6:35 AM
Cyber Effects in Warfare: Categorizing the Where, What, and Why (2024) tnsr.org/2024/08/cybe...
By Jason Healey. Published in Texas Nat'l Security Review, Vol 7, Issue 4, Fall 2024.
Novel framework to assess offensive cyber ops based on circumstances of use across different phases of war.
By Jason Healey. Published in Texas Nat'l Security Review, Vol 7, Issue 4, Fall 2024.
Novel framework to assess offensive cyber ops based on circumstances of use across different phases of war.
Covert Connections: The LinkedIn Recruitment Ruse Targeting Defense Insiders (8 May 2024) airuniversity.af.edu/JIPA/Display...
Direct link to paper (.pdf, 24 pages) media.defense.gov/2024/May/07/...
Direct link to paper (.pdf, 24 pages) media.defense.gov/2024/May/07/...
May 14, 2024 at 8:36 AM
Covert Connections: The LinkedIn Recruitment Ruse Targeting Defense Insiders (8 May 2024) airuniversity.af.edu/JIPA/Display...
Direct link to paper (.pdf, 24 pages) media.defense.gov/2024/May/07/...
Direct link to paper (.pdf, 24 pages) media.defense.gov/2024/May/07/...
Commercial Enablers of China’s Cyber-Intelligence and Information Operations (2024) digitalcommons.usf.edu/mca/vol7/iss...
Published in Military Cyber Affairs, Vol. 7, Issue 1.
Direct link to paper (0.5MB .pdf, 12 pages) digitalcommons.usf.edu/cgi/viewcont...
Published in Military Cyber Affairs, Vol. 7, Issue 1.
Direct link to paper (0.5MB .pdf, 12 pages) digitalcommons.usf.edu/cgi/viewcont...
May 7, 2024 at 4:34 AM
Commercial Enablers of China’s Cyber-Intelligence and Information Operations (2024) digitalcommons.usf.edu/mca/vol7/iss...
Published in Military Cyber Affairs, Vol. 7, Issue 1.
Direct link to paper (0.5MB .pdf, 12 pages) digitalcommons.usf.edu/cgi/viewcont...
Published in Military Cyber Affairs, Vol. 7, Issue 1.
Direct link to paper (0.5MB .pdf, 12 pages) digitalcommons.usf.edu/cgi/viewcont...
Tradecraft observations on the Reichenbach/Fischer espionage case (3 May 2024) intelnews.org/2024/05/03/0...
By Nicholas Eftimiades.
By Nicholas Eftimiades.
May 3, 2024 at 5:22 AM
Tradecraft observations on the Reichenbach/Fischer espionage case (3 May 2024) intelnews.org/2024/05/03/0...
By Nicholas Eftimiades.
By Nicholas Eftimiades.
US DOJ: Justice Department Charges Four Iranian Nationals for Multi-Year Cyber Campaign Targeting U.S. Companies (23 April 2024) www.justice.gov/opa/pr/justi...
Unsealed indictment (5.5MB .pdf, 13 pages) www.justice.gov/opa/media/13...
Reward of up to $10M & possible relocation offered.
Unsealed indictment (5.5MB .pdf, 13 pages) www.justice.gov/opa/media/13...
Reward of up to $10M & possible relocation offered.
April 25, 2024 at 12:41 PM
US DOJ: Justice Department Charges Four Iranian Nationals for Multi-Year Cyber Campaign Targeting U.S. Companies (23 April 2024) www.justice.gov/opa/pr/justi...
Unsealed indictment (5.5MB .pdf, 13 pages) www.justice.gov/opa/media/13...
Reward of up to $10M & possible relocation offered.
Unsealed indictment (5.5MB .pdf, 13 pages) www.justice.gov/opa/media/13...
Reward of up to $10M & possible relocation offered.
Russian International Money Launderer Pleads Guilty to Illicitly Procuring Large Quantities of U.S.-Manufactured Dual-Use, Military Grade Microelectronics for Russian Entities (29 February 2024) www.justice.gov/opa/pr/russi... re: OLED micro-displays
March 4, 2024 at 8:49 AM
Russian International Money Launderer Pleads Guilty to Illicitly Procuring Large Quantities of U.S.-Manufactured Dual-Use, Military Grade Microelectronics for Russian Entities (29 February 2024) www.justice.gov/opa/pr/russi... re: OLED micro-displays
NIST AI 100-2e2023: Adversarial Machine Learning - A Taxonomy and Terminology of Attacks and Mitigations (Jan 2024) csrc.nist.gov/pubs/ai/100/... (final report)
Permalink to report (1MB .pdf, Jan 2024, 106 pages) doi.org/10.6028/NIST...
Permalink to report (1MB .pdf, Jan 2024, 106 pages) doi.org/10.6028/NIST...
January 6, 2024 at 9:37 AM
NIST AI 100-2e2023: Adversarial Machine Learning - A Taxonomy and Terminology of Attacks and Mitigations (Jan 2024) csrc.nist.gov/pubs/ai/100/... (final report)
Permalink to report (1MB .pdf, Jan 2024, 106 pages) doi.org/10.6028/NIST...
Permalink to report (1MB .pdf, Jan 2024, 106 pages) doi.org/10.6028/NIST...
Image geolocation analysis diagrams: outside clues (left picture) and inside clues (right picture). Useful for OSINT.
Also available as .pdf:
1) Outside clues: github.com/seintpl/osin...
2) Inside clues: github.com/seintpl/osin...
Author: SEINT_pl
Date: 2022
Source: github.com/seintpl/osint
Also available as .pdf:
1) Outside clues: github.com/seintpl/osin...
2) Inside clues: github.com/seintpl/osin...
Author: SEINT_pl
Date: 2022
Source: github.com/seintpl/osint
December 20, 2023 at 7:06 AM
Image geolocation analysis diagrams: outside clues (left picture) and inside clues (right picture). Useful for OSINT.
Also available as .pdf:
1) Outside clues: github.com/seintpl/osin...
2) Inside clues: github.com/seintpl/osin...
Author: SEINT_pl
Date: 2022
Source: github.com/seintpl/osint
Also available as .pdf:
1) Outside clues: github.com/seintpl/osin...
2) Inside clues: github.com/seintpl/osin...
Author: SEINT_pl
Date: 2022
Source: github.com/seintpl/osint
Regulating Transnational Dissident Cyber espionage (12 December 2023) doi.org/10.1017/S002... (open access)
Peer-reviewed article by Siena Anstis, senior legal advisor at @citizenlab.ca, in Int'l & Comparative Law Quarterly (ICLQ).
In brief at Citizen Lab's blog: citizenlab.ca/2023/12/regu...
Peer-reviewed article by Siena Anstis, senior legal advisor at @citizenlab.ca, in Int'l & Comparative Law Quarterly (ICLQ).
In brief at Citizen Lab's blog: citizenlab.ca/2023/12/regu...
December 13, 2023 at 11:12 AM
Regulating Transnational Dissident Cyber espionage (12 December 2023) doi.org/10.1017/S002... (open access)
Peer-reviewed article by Siena Anstis, senior legal advisor at @citizenlab.ca, in Int'l & Comparative Law Quarterly (ICLQ).
In brief at Citizen Lab's blog: citizenlab.ca/2023/12/regu...
Peer-reviewed article by Siena Anstis, senior legal advisor at @citizenlab.ca, in Int'l & Comparative Law Quarterly (ICLQ).
In brief at Citizen Lab's blog: citizenlab.ca/2023/12/regu...
To trust or to restrict? – mapping professional perspectives on intelligence powers and oversight in the Netherlands using Q-methodology (Oomens et al., 2023) https://doi.org/10.1080/02684527.2023.2239037 (open access)
Published online on 2 Aug 2023 in Intelligence & National Security.
Published online on 2 Aug 2023 in Intelligence & National Security.
August 4, 2023 at 11:49 AM
To trust or to restrict? – mapping professional perspectives on intelligence powers and oversight in the Netherlands using Q-methodology (Oomens et al., 2023) https://doi.org/10.1080/02684527.2023.2239037 (open access)
Published online on 2 Aug 2023 in Intelligence & National Security.
Published online on 2 Aug 2023 in Intelligence & National Security.