John
@bigbadw0lf.bsky.social
📤 1455
📥 168
📝 61
Frontline Intelligence with
#AdvancedPractices
🦅 @Google Threat Intel | views are my own
Was on my morning run and while listening to Words to Me by Sugar Ray I realized if you change the chorus to “Xi sings these words to me” it’s a song about the CCP working for reunification with Taiwan.
27 days ago
1
2
2
what are we without the sauce
about 2 months ago
1
6
2
reposted by
John
Greg Otto
2 months ago
🚨🚨🚨 Google released a report on "Brickstorm" this morning — a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage.
cyberscoop.com/chinese-cybe...
Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign
Mandiant and Google have identified “Brickstorm,” a sophisticated, suspected China-linked hacking campaign targeting U.S. tech firms, legal organizations, and BPOs. The operation often goes undetected...
https://cyberscoop.com/chinese-cyberespionage-campaign-brickstorm-mandiant-google/
8
69
49
reposted by
John
The Banshee Queen 👑
7 months ago
Not me losing my mind tracking ORBs lalalala I can't hear you over the sound of how many darned ORB networks there are 🫠
2
16
4
reposted by
John
Wesley Shields
7 months ago
I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it.
cloud.google.com/blog/topics/...
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog
Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.
https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos?e=48754805
1
18
15
Hot off the press is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 including two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE.
cloud.google.com/blog/topics/...
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability
8 months ago
0
15
12
🔥 new blog covering recent UNC3886 ops. Massive S/O to all the authors for dropping such a great blog.
9 months ago
0
9
1
reposted by
John
Lasq
9 months ago
Super happy this blog is finally released. Dive into the intricacies of backdoors targeting Juniper devices, veriexec bypass zero-day and other interesting TTPs, all with UNC3886, a China-nexus cyber espionage group as your guide!
cloud.google.com/blog/topics/...
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers.
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers
0
7
5
The universe doesn’t want me to get a pair of the Vaporfly 4s
9 months ago
1
1
0
Friday playlist brought to you by all of
@stonepwn3000.bsky.social
’s favorite bands
open.spotify.com/playlist/4B0...
You Think You Hate This But You Don't
Playlist · turkehbacon · 34 items · 2 saves
https://open.spotify.com/playlist/4B0N2Ap8lCaWzWdSvqSM9y?si=JHxEwGfmSKeItyIWrWe29w&pi=iSpyW4ImRJ2RN
9 months ago
1
3
0
reposted by
John
Kori Schake
9 months ago
What I feel is ashamed.
51
1046
116
Submitted without comment
9 months ago
1
39
7
reposted by
John
Dan Black
10 months ago
Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.
cloud.google.com/blog/topics/...
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger
3
168
134
reposted by
John
Dan Black
10 months ago
Fantastic work here from the MSTIC folks re: 74455. So many threads to pull.
www.microsoft.com/en-us/securi...
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelli...
https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/
0
25
13
Next generation hater and I’m here for it
10 months ago
1
7
0
The internal debate on whether to buy another pair of superblast 2’s or getting the Pegasus premium’s.
10 months ago
0
0
0
After trying Neversecond a few times I don’t think I’ll use maurten again.
11 months ago
1
0
0
Starting the day with homemade bagels and affogato is the way.
11 months ago
1
22
1
reposted by
John
780th Military Intelligence Brigade (Cyber)
11 months ago
Mandiant has previously only observed the deployment of the SPAWN ecosystem of malware on Ivanti Connect Secure appliances by UNC5337, a China-nexus cluster of espionage activity |
cloud.google.com/blog/topics/...
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation | Google Cloud Blog
Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
0
8
1
Mfw I get to name some new malware
11 months ago
0
10
0
reposted by
John
Matthew Kennedy
11 months ago
MSTIC is hiring in the UK and EU for entry level and senior analyst roles!
jobs.careers.microsoft.com/global/en/jo...
jobs.careers.microsoft.com/global/en/jo...
0
8
3
reposted by
John
Lasq
11 months ago
New Year - New Ivanti Zero-Day. Almost exactly 1 year later, UNC5337 returns with their SPAWN malware family. Blog:
cloud.google.com/blog/topics/...
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation | Google Cloud Blog
Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
1
6
3
🔥 new blog detailing 0day exploitation of Ivanti appliances as well as some newly observed malware families tracked as PHASEJAM and DRYHOOK. We also detail activity related to the previously observed SPAWN* malware ecosystem tied to China-nexus cluster UNC5337.
cloud.google.com/blog/topics/...
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation | Google Cloud Blog
Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
11 months ago
0
34
27
The Vaporfly 4 looks 🔥🔥🔥
11 months ago
0
1
0
reposted by
John
H I Sutton
11 months ago
***BREAKING*** After loss of Tartus, Russia now has no submarines in the Mediterranean Russia’s struggle is symptomatic of wider issues. The Russian Navy is overstretched following the 2022 full-scale invasion of Ukraine and is suffering maintenance challenges.
#OSINT
After loss of Tartus, Russia now has no submarines in the Mediterranean - Naval News
The Russian Navy is significantly weakened in the Mediterranean. The only boat known to be there has just left, leaving no Russian submarines in the Mediterranean.
https://www.navalnews.com/naval-news/2025/01/after-loss-of-tartus-russia-now-has-no-submarines-in-the-mediterranean/
18
464
109
reposted by
John
Shashank Joshi
12 months ago
The Pentagon's annual report on Chinese military power is out. It has a number of interesting things in it.
media.defense.gov/2024/Dec/18/...
3
144
66
This absolute banger is finally on Spotify, I invite you all to bask in its glory
open.spotify.com/track/0oSjvM...
One Last Breath - Jojo Lorenzo Remix
Creed, Jojo Lorenzo · One Last Breath (Jojo Lorenzo Remix) · Song · 2024
https://open.spotify.com/track/0oSjvM4Q8kxRvixGI0vGxL?si=gOBlyG83THeLyAp9o_eCMw&context=spotify%3Aalbum%3A6PHhYiChCjFHT8MmzuTfc4
12 months ago
1
2
0
My backlog seeing me add more books to my cart / wishlist
12 months ago
1
10
3
Mfw the post-injury VO2 max is back to the pre-injury VO2 max.
12 months ago
0
5
0
reposted by
John
Dan Black
12 months ago
For those who found interest in our presentations at
@labscon.bsky.social
and
@cyberwarcon.bsky.social
this year detailing Russia's espionage against frontline targets, CERT-UA has released details around one of the groups we spoke about (UNC4221) here:
cert.gov.ua/article/6281...
CERT-UA
The Governmental Computer Emergency Response Team of Ukraine, which operates within the State Service of Special Communications and Information Protection of Ukraine.
https://cert.gov.ua/article/6281632
1
26
13
reposted by
John
Mark MacKinnon
12 months ago
Unconfirmed reports that the Kremlin has asked Viktor Yanukovych to get his guest room ready…
5
134
16
When you just drive straight to Damascus
12 months ago
0
5
0
You moved your ships out of another strategic Naval base?
12 months ago
0
58
3
reposted by
John
Matthew Kennedy
12 months ago
MSTIC is hiring! Current roles in US and AU. The Microsoft Threat Intelligence Center (MSTIC) is recruiting experienced nation-state threat hunters with highly honed threat intel analysis skills. MSTIC is responsible for delivering timely threat intelligence across our product & services teams.
4
115
40
reposted by
John
Drunk Binary
about 1 year ago
@bigbadw0lf.bsky.social
www.instagram.com/share/reel/_...
https://www.instagram.com/share/reel/_2X_7WaD6
2
3
1
reposted by
John
Zach
about 1 year ago
What if you were a SAM operator waiting for an aircraft to enter your FOV so you could shoot it down? But the EA-6B said "In your face from outer space!" Then fired a salvo of HARMs at you from beyond your radar horizon.
5
134
17
reposted by
John
Brian Kerg
about 1 year ago
"Ukrainian victory will serve as the most effective deterrent to future aggression" - Tsai. The Taiwanese get it. To deter
#PRC
from attacking
#TWN
, help
#UKR
defeat
#RUS
.
www.politico.com/news/2024/11...
Taiwan’s former president says Ukraine needs US weapons more urgently than Taipei
Tsai Ing-wen’s comments come after a top U.S. military leader said supplying U.S. weapons to Kyiv was cutting into stockpiles that could be used in a war in Asia.
https://www.politico.com/news/2024/11/23/taiwans-former-president-says-ukraine-needs-u-s-weapons-more-urgently-than-taipei-00191400
2
153
40
GNX is so damned good. Album on repeat all day.
about 1 year ago
0
7
1
It’s simply too good
about 1 year ago
0
7
0
reposted by
John
Volexity
about 1 year ago
@volexity.com
’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. Read more here:
www.volexity.com/blog/2024/11...
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
2
81
54
#cyberwarcon
is the absolute best. Amazing talks and convos, massive shout out to
@hultquist.bsky.social
and the entire team for another unreal con.
about 1 year ago
0
21
2
reposted by
John
Andy Greenberg
about 1 year ago
Russian spies—likely Russia's GRU intelligence agency—used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wifi.
www.wired.com/story/russia...
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
12
580
375
Beautiful Crystal City, how I’ve missed your defense contractors and hotels
about 1 year ago
0
11
0
reposted by
John
Sebastian Bae
about 1 year ago
Exciting news from MicroProse on the digital version of my "Littoral Commander Indo-Pacific"
#wargame
. I am really excited to see the early access version in April 2025.
#wargaming
7
143
35
about 1 year ago
0
4
0
reposted by
John
David Oxley at #CYBERWARCON
about 1 year ago
I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many!
go.bsky.app/TxQYHap
32
186
74
Super hype as always for CYBERWARCON. The talk lineup is 🔥🔥🔥
about 1 year ago
1
10
1
Full Send
about 1 year ago
0
5
0
reposted by
John
David Oxley at #CYBERWARCON
about 1 year ago
About damn time 🇺🇦
www.nytimes.com/2024/11/17/u...
Biden Allows Ukraine to Strike Russia With Long-Range U.S. Missiles
With two months left in office, the president for the first time authorized the Ukrainian military to use the system known as ATACMS to help defend its forces in the Kursk region of Russia.
https://www.nytimes.com/2024/11/17/us/politics/biden-ukraine-russia-atacms-missiles.html?smid=nytcore-ios-share
1
61
13