Attributing the Invisible

In the shadows of cyberspace, nation-states wage wars that never officially begin — and the analysts who unmask them are the most important investigators you've never heard of.

When FireEye discovered that its own network had been breached in December 2020, the trail led not to a single compromised company but to eighteen thousand organizations worldwide — including the US Treasury, the Department of Homeland Security, and the National Nuclear Security Administration. The attackers had hidden inside a routine software update for over a year. But who were they? And how do you identify a ghost that operates through stolen credentials, legitimate tools, and layers of digital anonymity?

Attributing the Invisible takes you inside the high-stakes discipline of cyber attribution — the painstaking art and science of tracing the world's most dangerous cyber operations back to the nation-states that ordered them. From the malware forensics lab to the classified briefing room, from blockchain ledgers to the courtrooms where federal prosecutors indict hackers they will never arrest, this book reveals how analysts piece together digital fingerprints that governments spend billions trying to erase.

Through twelve detailed case studies spanning China's PLA and intelligence contractors, Russia's dueling GRU and SVR, North Korea's billion-dollar bank robbers, and Iran's dissident-hunting social engineers, you will learn the actual methods used to answer the hardest question in modern intelligence: who did this, and how do we know?

You will watch analysts decode compilation timestamps that betray a Shanghai work schedule. Follow the forensic trail from a misspelled wire transfer — "fandation" instead of "foundation" — that exposed an $81 million heist. See how a forged malware fingerprint designed to frame North Korea for the Olympic Destroyer attack was unraveled through a single inconsistency in a file header. Trace stolen cryptocurrency through blockchain forensics as it moves from a $620 million theft through mixers and bridges toward Pyongyang's missile program. And understand why the most dangerous Chinese cyber operation ever discovered left behind no malware at all.

Part technical manual, part geopolitical thriller, Attributing the Invisible is for anyone who wants to understand how invisible wars are fought, how digital ghosts are unmasked, and why the ability to point a finger through the fog of cyberspace may be the most consequential intelligence capability of our time.