@pdub5.bsky.social

15 Followers  |  27 Following  |  2 Posts  |  Joined: 14.11.2024  |  1.4067

Latest posts by pdub5.bsky.social on Bluesky

What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog A Russia-sponsored threat actor is impersonating the U.S. Department of State, and using phishing to gain access to email accounts.

So @gabagool.ing (who will henceforth be referred to as "gabbot") and I wrote some stuff on some ASP phishing campaigns: cloud.google.com/blog/topics/...

Citizen Lab worked closely with one of the targets and shared their work on it also: citizenlab.ca/2025/06/russ...

18.06.2025 17:04 — 👍 10    🔁 7    💬 0    📌 2
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it.

cloud.google.com/blog/topics/...

07.05.2025 14:13 — 👍 18    🔁 14    💬 1    📌 1
ALT: a man and a woman are standing next to each other in a room and the man is talking to the woman.

I thought going overboard on emojis was a requirement for blog announcements?

28.05.2025 18:51 — 👍 1    🔁 0    💬 1    📌 0

🚨 Heads up! 🚨 APT41 is using Google Calendar 🗓️ as their latest C2 trick. GTIG just pulled back the curtain 🎭 on the TOUGHPROGRESS malware campaign and how we shut it down 💪. Dive into the details here: 🚀 https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics

28.05.2025 14:11 — 👍 8    🔁 4    💬 1    📌 3