whatisgithub

What is aptnotes?

kbandla/aptnotes — explained in plain English

Analysis updated 2026-05-18

3,654Audience · researcherComplexity · 1/5Setup · easy

In one sentence

APTnotes is a curated, year-sorted index of links to publicly published research reports on state-sponsored cyberattack campaigns.

Mindmap

mindmap
  root((APTnotes))
    What it does
      Indexes security reports
      Sorted by year
      Links to external PDFs
    Tech stack
      Markdown index
      Box.com hosting
    Use cases
      Research APT groups
      Track historical campaigns
      Reference for journalists
    Audience
      Security researchers
      Journalists

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Research the history of a specific state-sponsored hacking group like Lazarus or Sandworm

USE CASE 2

Find published reports on a particular cyberattack campaign by year

USE CASE 3

Use the companion data repository to work with the report index programmatically

What is it built with?

Markdown

How does it compare?

kbandla/aptnotesapple/tensorflow_macosarchestra-ai/archestra
Stars3,6543,6533,653
LanguageShellTypeScript
Setup difficultyeasymoderatehard
Complexity1/53/54/5
Audienceresearcherdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

It is a link index, not software, each entry opens an external document.

So what is it?

APTnotes is a collection of publicly available security research reports about APT campaigns, organized by year. APT stands for Advanced Persistent Threat, a term used in the security industry to describe sophisticated, often state-sponsored groups that conduct targeted attacks against governments, corporations, and critical infrastructure. The reports cover groups linked to many countries, including North Korea, China, Russia, and Iran, and their activities against targets around the world. The repository does not contain code or software. It is a curated index of links pointing to PDFs and documents hosted externally, mostly on Box.com. Each entry is a dated link to a published report from a security firm or government agency. The reports describe specific attack campaigns: who was targeted, what tools were used, and how the attackers operated. The list is sorted in reverse chronological order, starting from 2023 and going back to the early days of public APT research. Hundreds of reports are catalogued across more than a decade of documented activity. Entries cover well-known groups like Lazarus (North Korea), Sandworm (Russia), Mustang Panda and OilRig (China and Middle East-linked), and many others that appear only once or twice in the public record. A companion data repository exists at github.com/aptnotes/data to make the index easier to work with programmatically. New reports can be submitted as GitHub issues there. The main APTnotes repository functions as a human-readable reference and discovery point, not a tool for automation. If you are a researcher, journalist, or analyst trying to understand the history of sophisticated cyber campaigns, this collection is a starting point. It does not analyze the reports or summarize them itself. Each link takes you to an external document you read on your own. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Help me find APTnotes reports about a specific threat actor like Sandworm
Prompt 2
Explain what an Advanced Persistent Threat is based on this collection
Prompt 3
Show me how to use the aptnotes/data companion repository
Prompt 4
Walk me through submitting a new report as a GitHub issue

Frequently asked questions

What is aptnotes?

APTnotes is a curated, year-sorted index of links to publicly published research reports on state-sponsored cyberattack campaigns.

How hard is aptnotes to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is aptnotes for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.