Dossiers

Pieces that span agencies or countries — single operations told in depth, scandals reconstructed from primary documents, thematic surveys.

Cyber operations & breaches

Cyber operations occupy the same space — sabotage, espionage, theft, pre-positioning — that earlier intelligence services pursued through human and signals means; the public record is unusually rich because attribution and incident-response disclosure have become a sustained editorial enterprise of their own. Stuxnet, the worm deployed against the Natanz centrifuge cascade, is documented through Symantec and Langner technical analysis. The OPM, SolarWinds, and HAFNIUM dossiers reconstruct three of the most consequential intrusions of the 2010s: the Chinese MSS exfiltration of US personnel-vetting data, the Russian SVR supply-chain compromise of the Orion update channel, and the Chinese mass-exploitation of Microsoft Exchange. Vault 7 covers the 2017 disclosure of the CIA's offensive cyber arsenal. Each dossier works from the technical record and the government attribution that followed.

2021-03-02

HAFNIUM — Microsoft Exchange

The early-2021 mass-exploitation campaign against on-premises Microsoft Exchange Server installations, in which four previously undisclosed vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — collectively the "ProxyLogon" cluster) were exploited at scale across more than 250,000 servers globally — formally attributed by the United States, the United Kingdom, the European Union, NATO, Japan, Australia, New Zealand, and Canada in a coordinated statement of 19 July 2021 to actors associated with the People's Republic of China's Ministry of State Security.

2020-12-13

SolarWinds — SUNBURST

The 2019–2020 supply-chain compromise of the SolarWinds Orion network-management product, in which a software-build-server intrusion enabled the surreptitious insertion of the SUNBURST trojan into legitimate signed Orion update packages distributed to approximately 18,000 customers worldwide, with subsequent active exploitation against approximately 100 high-value organisations including nine United States federal agencies — attributed by the United States Government on 15 April 2021 to the Foreign Intelligence Service of the Russian Federation (SVR).

2017-03-07

Vault 7

The 2017 series of WikiLeaks publications of approximately 8,761 documents and files describing the cyber-tools and operational tradecraft of the Central Intelligence Agency's Center for Cyber Intelligence — sourced by former CIA software engineer Joshua Schulte, who was convicted in 2022 by the United States District Court for the Southern District of New York and sentenced in February 2024 to forty years' imprisonment.

2015-06-04

The 2015 OPM Data Breach

The 2014–2015 cyber-intrusion campaign against the United States Office of Personnel Management — disclosed in June 2015 and attributed by the United States Government to actors associated with the People's Republic of China's Ministry of State Security — that resulted in the exfiltration of approximately 22.1 million records, including the SF-86 security-clearance background-investigation files of approximately 21.5 million current and former federal employees, contractors, and family members, and 5.6 million sets of fingerprints.

2010-06

Stuxnet — Operation Olympic Games

The joint US-Israeli cyber-sabotage operation that physically damaged Iranian uranium-enrichment centrifuges at Natanz between 2007 and 2010.

How dossiers differ from agency pages

An agency page sits in one country and covers one service — its history, statutory basis, role, and the public record of its operations. A dossier crosses those boundaries. A dossier picks up an operation, a scandal, or a thematic question and follows it across whichever services and states are implicated, footnoted to primary documents and the most defensible secondary record.

The Salisbury attack is a dossier rather than an agency entry because it implicates the GRU, MI5, the SIS, the Metropolitan Police, the OPCW, and the parallel Czech investigation into Vrbětice — no single agency page can carry it. The Snowden disclosures are a dossier because they involve the NSA, GCHQ, CSE, ASD, GCSB, the partner services that received the product, the journalism that processed the archive, and the long arc of post-disclosure legal and policy change. MKULTRA is a dossier because the operation was institutional in a way that has now been substantially documented by the Senate, the Rockefeller Commission, the Church Committee, and successive declassifications.

Coverage here is editorial: dossiers are written when there is a coherent public-record account that can be reconstructed at depth. The list grows as new dossiers are written and as additional declassifications expand what can responsibly be said about cases that remain partly closed.