GhostNet was a large-scale electronic espionage program used to spy on individuals, organizations, and governments. The threat actors breached 1,295 computers in 103 countries over a two-year period, predominately focusing on governments in Southeast Asia. The GhostNet operation was discovered after an investigation into a potential breach of the office of the Dalai Lama in India. Investigators at the University of Toronto’s Citizen Lab confirmed that the threat actors were based in China. The report about GhostNet was one of the first publicly available in which computer security researchers outlined their methodology and backed up their claims with forensic evidence [PDF], demystifying cyber operations and demonstrating that private actors had significant capabilities to attribute threat actors.