diff --git a/2018/2018.07.23.Operation_Roman_Holiday/20180713_CSE_APT28_X-Agent_Op-Roman Holiday-Report_v6_1.pdf b/2018/2018.07.23.Operation_Roman_Holiday/20180713_CSE_APT28_X-Agent_Op-Roman Holiday-Report_v6_1.pdf
new file mode 100644
index 0000000..5ab6c76
Binary files /dev/null and b/2018/2018.07.23.Operation_Roman_Holiday/20180713_CSE_APT28_X-Agent_Op-Roman Holiday-Report_v6_1.pdf differ
diff --git a/README.md b/README.md
index 84e923a..d9e4b71 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,8 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * [APT search](https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc)
 
 ## 2018
+* Jul 13 - [[CSE CyberSec] Operation Roman Holiday – Hunting the Russian
+APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf) | [Local](../../blob/master/2018/2018.07.23.Operation_Roman_Holiday)
 * Jun XX - [[Ahnlab] [KR] Operation Red Gambler](http://image.ahnlab.com/file_upload/asecissue_files/ASEC%20REPORT_vol.91.pdf) | [Local](../../blob/master/2018/2018.06.xx.Operation_Red_Gambler)
 * Jun 26 - [[Palo Alto Networks] RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families](https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/) | [Local](../../blob/master/2018/2018.06.26.RANCOR)
 * Jun 20 - [[Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies](https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets) | [Local](../../blob/master/2018/2018.06.20.thrip-hits-satellite-telecoms-defense-targets)