John
Frontline Intelligence with #AdvancedPractices 🦅 @Google Threat Intel | views are my own
- I would like to throw my hat into the ring for DDG-X. Burke++
- What’s the over/under on how many Renhais will be put to sea before this is canceled?
- Was on my morning run and while listening to Words to Me by Sugar Ray I realized if you change the chorus to “Xi sings these words to me” it’s a song about the CCP working for reunification with Taiwan.
- Like cmon
- what are we without the sauce
- “You can get lost in the Sauce, but without the Sauce, you are lost.” Saw this Timothée Chalamet post elsewhere and immediately thought of @gabagool.ing @bigbadw0lf.bsky.social
- Reposted by John: 🚨🚨🚨 Google released a report on "Brickstorm" this morning — a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage. cyberscoop.com/chinese-cybe...
- Reposted by John: Not me losing my mind tracking ORBs lalalala I can't hear you over the sound of how many darned ORB networks there are 🫠
- Reposted by John: I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it. cloud.google.com/blog/topics/...
- Hot off the press is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 including two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE. cloud.google.com/blog/topics/...
- 🔥 new blog covering recent UNC3886 ops. Massive S/O to all the authors for dropping such a great blog.
- Super happy this blog is finally released. Dive into the intricacies of backdoors targeting Juniper devices, veriexec bypass zero-day and other interesting TTPs, all with UNC3886, a China-nexus cyber espionage group as your guide! cloud.google.com/blog/topics/...
- The universe doesn’t want me to get a pair of the Vaporfly 4s
- I did get my second pair of Superblast 2s so not a total loss
- Friday playlist brought to you by all of @stonepwn3000.bsky.social’s favorite bands open.spotify.com/playlist/4B0...
- Another absolute banger of a playlist open.spotify.com/playlist/3MG...
- Reposted by John: What I feel is ashamed.
- Submitted without comment
- Shameless plus as to why being able to track akas is so valuable
- Plug*
- Reposted by John: Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russian state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts. cloud.google.com/blog/topics/...
- Reposted by John: Fantastic work here from the MSTIC folks re: 74455. So many threads to pull. www.microsoft.com/en-us/securi...
- Next generation hater and I’m here for it
- The internal debate on whether to buy another pair of Superblast 2s or get the Pegasus Premiums.
- After trying Neversecond a few times I don’t think I’ll use Maurten again.
- Also the Superblast 2s are legit the best running shoe I’ve ever used. 300 miles, no wear on them and still bouncy as hell.
- Starting the day with homemade bagels and affogato is the way.
- Reposted by John: Mandiant has previously only observed the deployment of the SPAWN ecosystem of malware on Ivanti Connect Secure appliances by UNC5337, a China-nexus cluster of espionage activity | cloud.google.com/blog/topics/...
- Mfw I get to name some new malware
- 🔥 new blog detailing 0day exploitation of Ivanti appliances as well as some newly observed malware families tracked as PHASEJAM and DRYHOOK. We also detail activity related to the previously observed SPAWN* malware ecosystem tied to China-nexus cluster UNC5337. cloud.google.com/blog/topics/...
- Reposted by John: MSTIC is hiring in the UK and EU for entry level and senior analyst roles! jobs.careers.microsoft.com/global/en/jo... jobs.careers.microsoft.com/global/en/jo...
- Reposted by John: New Year - New Ivanti Zero-Day. Almost exactly 1 year later, UNC5337 returns with their SPAWN malware family. Blog: cloud.google.com/blog/topics/...
- The Vaporfly 4 looks 🔥🔥🔥
- Reposted by John: ***BREAKING*** After loss of Tartus, Russia now has no submarines in the Mediterranean. Russia’s struggle is symptomatic of wider issues. The Russian Navy is overstretched following the 2022 full-scale invasion of Ukraine and is suffering maintenance challenges. #OSINT
- Reposted by John: The Pentagon's annual report on Chinese military power is out. It has a number of interesting things in it. media.defense.gov/2024/Dec/18/...
- This absolute banger is finally on Spotify, I invite you all to bask in its glory open.spotify.com/track/0oSjvM...
- @stonepwn3000.bsky.social if you don’t think this crushes I’ll know the Creed hate is a bit.
- My backlog seeing me add more books to my cart/wishlist
- It's here warontherocks.com/2024/12/the-...
- Mfw the post-injury VO2 max is back to the pre-injury VO2 max.
- Reposted by John: For those who found interest in our presentations at @labscon.bsky.social and @cyberwarcon.bsky.social this year detailing Russia's espionage against frontline targets, CERT-UA has released details around one of the groups we spoke about (UNC4221) here: cert.gov.ua/article/6281...
- Reposted by John: Unconfirmed reports that the Kremlin has asked Viktor Yanukovych to get his guest room ready…
- When you just drive straight to Damascus
- You moved your ships out of another strategic Naval base?
- Reposted by John: MSTIC is hiring! Current roles in US and AU. The Microsoft Threat Intelligence Center (MSTIC) is recruiting experienced nation-state threat hunters with highly honed threat intel analysis skills. MSTIC is responsible for delivering timely threat intelligence across our product & services teams.
- Reposted by John: What if you were a SAM operator waiting for an aircraft to enter your FOV so you could shoot it down? But the EA-6B said "In your face from outer space!" Then fired a salvo of HARMs at you from beyond your radar horizon.
- Reposted by John: "Ukrainian victory will serve as the most effective deterrent to future aggression" - Tsai. The Taiwanese get it. To deter #PRC from attacking #TWN, help #UKR defeat #RUS. www.politico.com/news/2024/11...
- GNX is so damned good. Album on repeat all day.
- It’s simply too good
- This current talk at #CYBERWARCON about CN insiders selling off PII on CN citizens is fantastic. Bored, underpaid, burned out, and working at a CN telco? Just do some crime on the side!
- Reposted by John: @volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. Read more here: www.volexity.com/blog/2024/11...
- #cyberwarcon is the absolute best. Amazing talks and convos, massive shout out to @hultquist.bsky.social and the entire team for another unreal con.
- Reposted by John: Russian spies—likely Russia's GRU intelligence agency—used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wi-Fi. www.wired.com/story/russia...
- Beautiful Crystal City, how I’ve missed your defense contractors and hotels
- Reposted by John: Exciting news from MicroProse on the digital version of my "Littoral Commander Indo-Pacific" #wargame. I am really excited to see the early access version in April 2025. #wargaming