
John

@bigbadw0lf.bsky.social

Frontline Intelligence with #AdvancedPractices 🦅 @Google Threat Intel | views are my own

1,447 Followers  |  168 Following  |  59 Posts  |  Joined: 01.07.2023  |  1.9064

Latest posts by bigbadw0lf.bsky.social on Bluesky

ALT: a man wearing a blue shirt that says #out on it
16.10.2025 22:22 — 👍 2    🔁 0    💬 0    📌 0

what are we without the sauce

16.10.2025 22:16 — 👍 6    🔁 2    💬 1    📌 0
ALT: a man in a black shirt is standing in front of a white container
16.10.2025 22:14 — 👍 4    🔁 0    💬 1    📌 0
Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign Mandiant and Google have identified “Brickstorm,” a sophisticated, suspected China-linked hacking campaign targeting U.S. tech firms, legal organizations, and BPOs. The operation often goes undetected...

🚨🚨🚨 Google released a report on "Brickstorm" this morning — a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage. cyberscoop.com/chinese-cybe...

24.09.2025 14:03 — 👍 69    🔁 48    💬 9    📌 1
ALT: a close up of a woman's face with a purple shirt on.

Not me losing my mind tracking ORBs lalalala I can't hear you over the sound of how many darned ORB networks there are 🫠

20.05.2025 11:03 — 👍 16    🔁 4    💬 2    📌 0

Patched IOT devices?

What a quaint idea.

20.05.2025 11:47 — 👍 1    🔁 0    💬 0    📌 0

Could I offer you another type of compromised network appliance in this trying time?

20.05.2025 11:30 — 👍 1    🔁 0    💬 1    📌 0
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it.

cloud.google.com/blog/topics/...

07.05.2025 14:13 — 👍 18    🔁 14    💬 1    📌 1
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog

Hot off the press is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 including two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE.

cloud.google.com/blog/topics/...

03.04.2025 16:26 — 👍 15    🔁 7    💬 0    📌 5

🔥 new blog covering recent UNC3886 ops. Massive S/O to all the authors for dropping such a great blog.

12.03.2025 18:29 — 👍 9    🔁 1    💬 0    📌 0
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers.

Super happy this blog is finally released. Dive into the intricacies of backdoors targeting Juniper devices, veriexec bypass zero-day and other interesting TTPs, all with UNC3886, a China-nexus cyber espionage group as your guide!

cloud.google.com/blog/topics/...

12.03.2025 16:25 — 👍 7    🔁 4    💬 0    📌 1

I did get my second pair of Superblast 2s so not a total loss

08.03.2025 20:27 — 👍 0    🔁 0    💬 0    📌 0

The universe doesn’t want me to get a pair of the Vaporfly 4s

08.03.2025 20:23 — 👍 1    🔁 0    💬 1    📌 0
Divorced Dad Rock 👴 Playlist · Colin Frost · 171 items · 277.3K saves

Another absolute banger of a playlist open.spotify.com/playlist/3MG...

07.03.2025 17:15 — 👍 1    🔁 0    💬 0    📌 0
You Think You Hate This But You Don't Playlist · turkehbacon · 34 items · 2 saves

Friday playlist brought to you by all of @stonepwn3000.bsky.social’s favorite bands open.spotify.com/playlist/4B0...

07.03.2025 17:13 — 👍 3    🔁 0    💬 1    📌 0

What I feel is ashamed.

28.02.2025 17:49 — 👍 1046    🔁 108    💬 51    📌 8

Only 10, you doubt me brother

22.02.2025 17:12 — 👍 2    🔁 0    💬 0    📌 0

Is this the gabagool I keep hearing about

22.02.2025 16:56 — 👍 3    🔁 0    💬 1    📌 0

Plug*

22.02.2025 16:56 — 👍 2    🔁 0    💬 0    📌 0

Shameless plus as to why being able to track akas is so valuable

22.02.2025 16:55 — 👍 6    🔁 0    💬 1    📌 0

Submitted without comment

22.02.2025 16:44 — 👍 39    🔁 5    💬 1    📌 2
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.

Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.

cloud.google.com/blog/topics/...

19.02.2025 11:05 — 👍 168    🔁 119    💬 3    📌 15
ALT: a man is sitting at a desk in a dark room with his hands on his face.

Are you taking notes on a criminal conspiracy?

14.02.2025 13:17 — 👍 2    🔁 0    💬 0    📌 0
Post image 14.02.2025 13:13 — 👍 1    🔁 0    💬 0    📌 0
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelli...

Fantastic work here from the MSTIC folks re: 74455. So many threads to pull.

www.microsoft.com/en-us/securi...

12.02.2025 19:15 — 👍 25    🔁 12    💬 0    📌 1
ALT: a man wearing a black jacket and a white hat with the letter e on it
10.02.2025 01:47 — 👍 3    🔁 0    💬 0    📌 0

Next generation hater and I’m here for it

10.02.2025 01:41 — 👍 7    🔁 0    💬 1    📌 0

The internal debate on whether to buy another pair of superblast 2’s or getting the Pegasus premium’s.

24.01.2025 16:12 — 👍 0    🔁 0    💬 0    📌 0

Also the Superblast 2s are legit the best running shoe I’ve ever used. 300 miles, no wear on them and still bouncy as hell.

11.01.2025 18:41 — 👍 0    🔁 0    💬 0    📌 0

@bigbadw0lf is following 19 prominent accounts