// Comparison
Pegasus vs Sandworm: Which Should You Read?
Two cybersecurity books on Narrative, compared honestly: who each is for, what each does best, and which to read first.
How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy
Laurent Richard, Sandrine Rigaud
The inside story of the Forbidden Stories investigation into NSO Group's Pegasus spyware, told by the journalists who ran it. The best narrative account of what commercial zero-click surveillance actually does to its targets.
A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
Andy Greenberg
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
Read this if
Skip this if
Key takeaways
- Zero-click exploitation removes the user from the security model entirely; there is no link not to tap and no mistake to avoid.
- A commercial vendor selling to governments launders state surveillance through a layer of plausible deniability that NSO exploits relentlessly.
- The targets were not just terrorists and criminals as advertised, but journalists, lawyers, activists, and heads of state.
- NotPetya was not a ransomware accident; it was a wartime weapon that overshot.
- Attribution is slow, contested, and political, but it is also possible and increasingly precise.
- The line between cybercrime and statecraft is thinner than the threat-intel literature suggests.
How they compare
We rate Sandworm higher (5/5 against 4/5 for Pegasus). For most readers, that means Sandworm is the primary pick and Pegasus is a useful follow-up.
Both books target beginner-level readers, so the choice is about topic, not difficulty.
Pegasus and Sandworm both cover Narrative, so reading them in sequence reinforces the same material from different angles.