
@pdub5.bsky.social

21 Followers  |  31 Following  |  5 Posts  |  Joined: 14.11.2024  |  1.5353

Latest posts by pdub5.bsky.social on Bluesky


I'm super excited to be speaking at @cyberwarcon.bsky.social this year! The lineup looks amazing, as always, including a keynote with Dimitri Alperovitch. 🤯

Check out the full agenda here!
cyberwarcon.com/agenda-25

09.10.2025 14:21  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

Join @austinlarsen.me and me next Tuesday for a deep-dive into PRC-nexus threat actor capabilities! Learn about advanced social engineering tactics, novel malware delivery, and strategies to defend your organization.

www.brighttalk.com/webcast/7451...

09.09.2025 22:49  |  👍 1  |  🔁 1  |  💬 0  |  📌 0

PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | Google Cloud Blog
A social engineering campaign leveraging signed malware, evasive tactics, and captive portal hijacking.

New GTIG blog just dropped! 🥸🇨🇳💼 "Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats"! We're analyzing an operation that has it all: AitM, social engineering, signed malware, and more! Get the full breakdown here:
cloud.google.com/blog/topics/...

25.08.2025 16:13  |  👍 2  |  🔁 0  |  💬 0  |  📌 1

What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
A Russia-sponsored threat actor is impersonating the U.S. Department of State, and using phishing to gain access to email accounts.

So @gabagool.ing (who will henceforth be referred to as "gabbot") and I wrote some stuff on some ASP phishing campaigns: cloud.google.com/blog/topics/...

Citizen Lab worked closely with one of the targets and shared their work on it also: citizenlab.ca/2025/06/russ...

18.06.2025 17:04  |  👍 10  |  🔁 7  |  💬 0  |  📌 2

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog
Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it.

cloud.google.com/blog/topics/...

07.05.2025 14:13  |  👍 18  |  🔁 14  |  💬 1  |  📌 1

ALT: a man and a woman are standing next to each other in a room and the man is talking to the woman.

I thought going overboard on emojis was a requirement for blog announcements?

28.05.2025 18:51  |  👍 1  |  🔁 0  |  💬 1  |  📌 0

🚨 Heads up! 🚨 APT41 is using Google Calendar 🗓️ as their latest C2 trick. GTIG just pulled back the curtain 🎭 on the TOUGHPROGRESS malware campaign and how we shut it down 💪. Dive into the details here: 🚀 https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics

28.05.2025 14:11  |  👍 8  |  🔁 4  |  💬 1  |  📌 3
