This 7 January 2008 post from NSA Menwith Hill Station’s internal Horizon newsletter describes the practice of piggybacking on other states’ computer network exploitation operations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated NSA SIGINT presentation describes nine varieties of QUANTUM malware attack, their operational status and success in the field: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This undated presentation from the NSA’s Expeditionary Access Operations discusses how malware techniques are used in the field: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.

This NSA presentation from 2012 discusses techniques for subverting “lawful intercept” systems used abroad: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.

This NSA presentation describes the staffing and activities of the Tailored Access Operations sectio based in San Antonia Texas. These included operations against Mexico’s Secretariat of Public Security (codenamed WHITETAMALE), Cuba, Columbia, Venezuela and unspecified targets in the Middle East: see the Der Spiegel article Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December […]

This April 2012 training presentation produced by Navy Information Operations Command Maryland states that “the next major conflict will start in cyberspace”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.