780th Military Intelligence Brigade (Cyber)

@780thmibdecyber.bsky.social

Official Bluesky page of the 780th Military Intelligence Brigade (Cyber). The Army's only offensive cyberspace operations brigade (following, re-posts, and links ≠ endorsement).

279 Followers  |  25 Following  |  606 Posts  |  Joined: 09.12.2024

No further updates to the 780th Military Intelligence Brigade (Cyber) social media accounts until after the government furlough.

01.10.2025 10:22 — 👍 10    🔁 3    💬 2    📌 0
Predict, Prevent, and Prevail Over the PRC Cyber Threat
An analysis of China’s cyber warfare and information operations to erode U.S. strategic freedom—and how to counter it

Booz Allen Hamilton: How to Predict, Prevent, and Prevail over the PRC Cyber Threat | www.boozallen.com/insights/cyb...

30.09.2025 12:42 — 👍 1    🔁 0    💬 0    📌 0
China’s cyberattacks, electronic espionage subverting U.S. and its allies, report says
China’s aggressive and technically advanced cyberattacks, electronic espionage and information operations are strategic weapons targeting the United States, according to a major study by an intelligen...

China’s cyberattacks, electronic espionage subverting U.S. and its allies, report says |
www.washingtontimes.com/news/2025/se... @washtimes.bsky.social

30.09.2025 12:41 — 👍 4    🔁 2    💬 1    📌 0
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group's distinctive toolset led to uncovering their existence.

Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
September 30, 2025, Unit 42 | Palo Alto
unit42.paloaltonetworks.com/phantom-taur...

30.09.2025 11:49 — 👍 3    🔁 1    💬 1    📌 0
How China’s Secretive Spy Agency Became a Cyber Powerhouse

American and European officials say China’s Ministry of State Security, the civilian spy agency often called the M.S.S., in particular, has emerged as the driving force behind China’s most sophisticated cyber operations. www.nytimes.com/2025/09/28/w... @nytimes.com

29.09.2025 11:49 — 👍 4    🔁 0    💬 0    📌 1
How Russia is Helping China Prepare to Seize Taiwan
Russia has agreed to equip and train the PLA to air-drop armoured vehicles and special reconnaissance capabilities.

How Russia is Helping China Prepare to Seize Taiwan The Royal United Services Institute @rusi.bsky.social www.rusi.org/explore-our-...

29.09.2025 11:23 — 👍 2    🔁 0    💬 0    📌 0
The BYTE Vol.13 Issue 4
Lethality: Training and Readiness – Soldiers / NCOs Responsibilities to Training
d34w7g4gy10iej.cloudfront.net/pubs/pdf_753...
#ArmyCyber @armycybercommand.bsky.social

26.09.2025 14:04 — 👍 1    🔁 0    💬 0    📌 0
Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat - DomainTools Investigations | DTI
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infra...

Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat | Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations | dti.domaintools.com/inside-salt-... @domaintools.bsky.social

25.09.2025 11:58 — 👍 0    🔁 0    💬 0    📌 0
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.

Zscaler: COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX | ThreatLabz attributes this campaign with moderate confidence to the Russia-linked APT group, COLDRIVER. www.zscaler.com/blogs/securi... @zscalerinc.bsky.social

25.09.2025 11:55 — 👍 1    🔁 0    💬 0    📌 1
Bookworm to Stately Taurus Using the Unit 42 Attribution Framework
We connect Bookworm malware to Chinese APT Stately Taurus using our attribution framework, enhancing our understanding of threat group tradecraft.

Unit 42 examines Bookworm, a notable malware family used by Stately Taurus, a Chinese advanced persistent threat (APT) group active since at least 2012. unit42.paloaltonetworks.com/bookworm-to-...

25.09.2025 11:48 — 👍 1    🔁 0    💬 0    📌 0
DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception
ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

ESET: Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social

25.09.2025 11:43 — 👍 1    🔁 0    💬 0    📌 0
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...

Recorded Future: RedNovember Targets Government, Defense, and Technology Organizations | TAG-100 is highly likely a Chinese state-sponsored threat activity group. www.recordedfuture.com/research/red...

25.09.2025 10:37 — 👍 5    🔁 3    💬 0    📌 0
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.

Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | @mandiant.com Google Threat Intelligence Group attribute this activity to UNC5221 and closely related, suspected China-nexus threat clusters | cloud.google.com/blog/topics/...

25.09.2025 10:08 — 👍 2    🔁 0    💬 0    📌 0
Silent Push Analyzes New Disinformation Campaign Targeting 2025 Moldovan Elections Connected to Legacy Moscow Influence Campaign
Silent Push research connects a Moldovan election disinformation campaign and threat actor Storm-1679 with a 2022 Russian propaganda effort.

Silent Push Analyzes New Disinformation Campaign Targeting 2025 Moldovan Elections Connected to Legacy Moscow Influence Campaign | www.silentpush.com/blog/storm-1... @silentpush.bsky.social

24.09.2025 12:10 — 👍 4    🔁 2    💬 0    📌 1
Sanctioned Russian actor linked to new media outlet targeting Moldova
REST is linked to the Russian threat actor Rybar, which targets EU countries, along with Moldova.

Sanctioned Russian actor linked to new media outlet targeting Moldova | dfrlab.org/2025/09/23/s...
@dfrlab.bsky.social

24.09.2025 11:39 — 👍 2    🔁 0    💬 0    📌 0
Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign
SEO poisoning campaign “Operation Rewrite” uses a malicious IIS module called BadIIS to redirect users to unwanted websites.

Unit 42 | Palo Alto - Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign | unit42.paloaltonetworks.com/operation-re...

24.09.2025 10:11 — 👍 1    🔁 1    💬 0    📌 0
Soldiers and Civilians hosted the first of three Hackathon events to encourage teen interest in STEM (science, technology, engineering, and mathematics) at the Odenton Regional Library, Anne Arundel County Public Library, Sept. 22. www.dvidshub.net/news/549062/...

23.09.2025 18:22 — 👍 1    🔁 0    💬 0    📌 0
Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research
Nimbus Manticore continuously attacks defense, manufacturing, telecommunications, and aviation targets aligned with the IRGC

Check Point Research has tracked waves of Nimbus Manticore activity, a mature Iran-nexus APT group, that primarily targets aerospace and defense organizations in the Middle East and Europe. research.checkpoint.com/2025/nimbus-...

23.09.2025 11:24 — 👍 3    🔁 1    💬 0    📌 0
Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure - GitLab Security Tech Notes

GitLab Threat Intelligence identified infrastructure used to distribute BeaverTail and InvisibleFerret malware | operated by North Korean nation-state threat actors | gitlab-com.gitlab.io/gl-security/... @gitlab.com

22.09.2025 12:07 — 👍 1    🔁 0    💬 0    📌 0
Prodaft CATALYST

Catalyst | PRODAFT: Subtle Snail (UNC1549) is an Iran-nexus espionage group which recently shifted focus to European telecom, aerospace, and defense organizations. catalyst.prodaft.com/public/repor...

22.09.2025 12:00 — 👍 1    🔁 0    💬 0    📌 0
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.

ESET: Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social

19.09.2025 11:26 — 👍 4    🔁 2    💬 0    📌 0
CopyCop Deepens Its Playbook with New Websites and Targets
CopyCop expands Russian influence ops with 300+ fake websites targeting the US, France, Canada & more—using AI, deepfakes, and GRU-backed infrastructure.

Recorded Future: Insikt Group has observed CopyCop, a Russian covert influence network, creating at least 200 new fictional media websites targeting the United States (US), France, and Canada www.recordedfuture.com/research/cop...

18.09.2025 12:04 — 👍 8    🔁 5    💬 0    📌 1
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions
Silent Push discovered a new malware loader, we're naming “CountLoader.” The threat is served in .NET, PowerShell, and JScript versions.

Silent Push Threat Analysts | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | “CountLoader” is strongly associated with Russian ransomware gangs. www.silentpush.com/blog/countlo...
@silentpush.bsky.social

18.09.2025 12:02 — 👍 0    🔁 0    💬 0    📌 0

Group-IB | Mapping the Infrastructure and Malware Ecosystem of MuddyWater | MuddyWater is an Iranian state-sponsored Advanced Persistent Threat group. www.group-ib.com/blog/muddywa...

17.09.2025 11:27 — 👍 1    🔁 0    💬 0    📌 0
Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | Proofpoint US
What happened: Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China

Proofpoint | Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | www.proofpoint.com/us/blog/thre... @proofpoint.com

17.09.2025 10:15 — 👍 3    🔁 1    💬 0    📌 1

Sekoia.io’s Threat Detection and Response team closely monitors APT28 as one of its highest-priority threat actors. APT28 is identified by intelligence services as operated by Russia’s General Staff Main Intelligence Directorate | https://blog.sekoia.io/apt28-operation-phantom-net-voxel/ @sekoia.io

16.09.2025 14:03 — 👍 3    🔁 0    💬 0    📌 1
Russian hackers target Polish hospitals and city water supply
Warsaw increases cyber security budget as Moscow makes up to 50 sabotage attempts a day, says minister

The Polish government is increasing its cyber security budget to a record €1bn this year, after Russian sabotage attempts targeted hospitals and urban water supplies. www.ft.com/content/3e7c... @financialtimes.com

16.09.2025 14:01 — 👍 1    🔁 0    💬 0    📌 1
Hacking Activities of Pro-Russian Cyber Crime Group Targeting Korean Companies
This report systematically analyzes the cyber-attack activities of the Russia-based cybercrime group SectorJ149 in November 2024

NSHC ThreatRecon Team: Hacking Activities of Pro-Russian Cyber Crime Group Targeting Korean Companies | medium.com/@nshcthreatr...

16.09.2025 13:59 — 👍 0    🔁 0    💬 0    📌 0
New Zealand sanctions Russian military hackers over cyberattacks on Ukraine
New Zealand has imposed sanctions on Russian military intelligence hackers accused of cyberattacks on Ukraine, including members of a notorious hacking unit previously tied to destructive malware camp...

New Zealand has imposed sanctions on Russian military intelligence hackers accused of cyberattacks on Ukraine, including members of a notorious hacking unit previously tied to destructive malware campaigns. therecord.media/new-zealand-... @therecordmedia.bsky.social

16.09.2025 13:58 — 👍 3    🔁 1    💬 0    📌 0

“This is our effort to make sure the Army is adapting to the future battlefield. Cyber is a key component of Army Continuous Transformation.” Principal Cyber Advisor to the Secretary of the Army Brandon Pugh | www.army.mil/article/2884...

16.09.2025 13:57 — 👍 1    🔁 0    💬 0    📌 0
