Project CameraShy

The U.S. government and intelligence community have long suspected China of conducting cyber espionage against military, diplomatic, and economic targets. Recently, Punch client ThreatConnect, attributed certain targeted cyber espionage activity to a specific unit of the Chinese People’s Liberation Army. ThreatConnect created a report of the findings, titled, Project CameraShy: Closing the Aperture on China’s Unit 78020. The report – the first of its kind – links the Chinese government to malicious cyber attacks. The report makes a bold claim, and ThreatConnect leaders turned to Punch Digital Strategies to enhance it with a bold brand.  

Project Background

In recent years, China has been aggressively claiming territory deeper into the South China Sea, threatening economic and political stability in the Southeast Asia and beyond. The intelligence community monitoring the territorial activity has observed cyber espionage and malware attacks, malicious attachments and spear phishing, all directed at Southeast Asian military, diplomatic, and economic targets. To date, there had been no concrete link between these attacks and the Chinese government or military. That is, until ThreatConnect connected the dots.

In Project CameraShy, ThreatConnect and partner Defense Group, Inc. (DGI), attributed certain targeted cyber espionage infrastructure activity associated with the “Naikon” Advanced Persistent Threat (APT) group to a specific unit of the Chinese People’s Liberation Army (PLA), tracing it to a single officer with Unit 78020. The report was to be released in conjunction with a Wall St. Journal article that followed the storyline. ThreatConnect executives knew the report itself had to convey information clearly, but also convey a sense of intrigue and represent the company’s brand. Leaders turned to Punch to develop the CameraShy brand, and design the report to make an impact.

Punch Solution

Our process was collaborative from the start. We began by meeting with key subject matter experts from ThreatConnect and DGI, to gain a deeper understanding of the research and intelligence. We worked with experts while the draft of the report was still in progress to design a unique “Hollywood” look and feel for the report cover and interior style. We worked with data scientists to develop compelling visualizations of complex infrastructure activity, creating timelines and graphics to make the data clear and accessible. We developed a photographic style to depict images of the suspected threat actor. At times, Punch designers and ThreatConnect analysts brainstormed together with at the whiteboard to get all ideas on the table. After the draft was complete, we provided copy editing, proofreading and full report design. The work included:

  • Brand strategy and design
  • Infographics
  • Data visualization
  • Cover design and graphics style
  • Layout and production
  • Copy editing and proofreading
  • Creation of resources web page


When the report was released and the Wall St. Journal article went live, ThreatConnect website traffic increased by 1000% in 24 hours. The report was featured in WSJ, NBC News, CNN, SC Magazine, PC Mag and numerous national and local publications. For the first time, private industry made a link between state-sponsored cyber attacks, demonstrating China’s role in malicious hacking of foreign organizations. As a result of the report the ThreatConnect team received significant media attention, and a wealth of new leads. Punch made sure that the report created a visual impact as bold as the claims the report made.

Punch Services

  • Brand design
  • Graphic design
  • Copy editing
  • Website design & development