This 2005 post from the NSA’s internal newsletter SIDToday describes cooperation between the agency and its Norwegian counterparts on surveilling Russian satellite and data networks: see the Intercept article Norway Used NSA Technology for Potentially Illegal Spying, 1 March 2018.
This excerpted GCHQ newsletter from March 2010 describes ongoing surveillance operations against Argentina: see the Intercept article Britain Used Spy Team to Shape Latin American Public Opinion on Falklands, 2 April 2015.
This GCSB presentation dated 21 March 2012 shows that the Waihopai listening station’s main target was a satellite based above the Kiribati islands: see the Sunday Star Times article Snowden files: Inside Waihopai’s domes, 8 March 2015.
This post from the NSA’s internal SIDToday newsletter, dated 6 May 2010 and attributed to the Menwith Hill station describes NSA, CSEC and GCHQ’s acquisition of emails already exfiltrated by another actor: see the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, 4 February 2015.
These slides from an NSA presentation show how the automated malware deployment tool Turbine depends on a network of passive collection sensors (Turmoil), installed at locations including Fort Meade in Maryland, Misawa in Japan and Menwith Hill in the UK: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
This NSA presentation from 3 June 2011 describes QFIRE, “a consolidated QUANTUMTHEORY platform”, that links the NSA’s enormous passive monitoring operation (TURMOIL) with the active hacking of systems undertaken by the agency’s Tailored Acess Operations division (TURBINE): see the Der Spiegel article, Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.