CYBERWARCON is ONE WEEK AWAY! 💣💥💻 ✉️

Check out our website to view the agenda and plan your day, read more about our speakers, or buy a last minute ticket!

We can't wait to see everyone in Arlington, VA on November 19th!

www.cyberwarcon.com

I couldn't have asked for a better venue than #RooCon25
🇦🇺 for my first Cyber Threat Intel talk! It was an amazing and surreal experience. A huge thanks to the organizers for having me and another thanks to everyone that attended!

Meet our speaker Patrick Whitsell!

Patrick has expertise in monitoring and defending against cyber espionage threat actors.

His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage.

Learn more! www.cyberwarcon.com

Yes, no, maybe robot?? Which is it @wxs.bsky.social!? 🤖

I'm super excited to be speaking at @cyberwarcon.bsky.social
this year! The lineup looks amazing, as always. including a keynote with Dimitri Alperovitch. 🤯

Check out the full agenda here!
cyberwarcon.com/agenda-25

Join @austinlarsen.me and me next Tuesday for a deep-dive into PRC-nexus threat actor capabilities! Learn about advanced social engineering tactics, novel malware delivery, and strategies to defend your organization.

www.brighttalk.com/webcast/7451...

PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | Google Cloud Blog A social engineering campaign leveraging signed malware, evasive tactics, and captive portal hijacking.

New GTIG blog just dropped! 🥸🇨🇳🌐💼 ”Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats"! We're analyzing an operation that has it all; AitM, social engineering, signed malware, and more! Get the full breakdown here:
cloud.google.com/blog/topics/...

What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog A Russia-sponsored threat actor is impersonating the U.S. Department of State, and using phishing to gain access to email accounts.

So @gabagool.ing (who will henceforth be referred to as "gabbot") and I wrote some stuff on some ASP phishing campaigns: cloud.google.com/blog/topics/...

Citizen Lab worked closely with one of the targets and shared their work on it also: citizenlab.ca/2025/06/russ...

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it.

cloud.google.com/blog/topics/...

a man and a woman are standing next to each other in a room and the man is talking to the woman . ALT: a man and a woman are standing next to each other in a room and the man is talking to the woman .

I thought going overboard on emojis was a requirement for blog announcements?

🚨 Heads up! 🚨 APT41 is using Google Calendar 🗓️ as their latest C2 trick. GTIG just pulled back the curtain 🎭 on the TOUGHPROGRESS malware campaign and how we shut it down 💪. Dive into the details here: 🚀https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics