Posts by Ronnie Salomonsen

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

Excellent breakdown of the “Rogue RDP” TTP we’ve seen susp Russian APT UNC5837 using in their campaigns, written by my colleague Rohit (@IzySec over on X).

1 year ago

Windows Remote Desktop Protocol: Remote to Rogue
cloud.google.com/blog/topics/...

1 year ago
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers.

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers @googlecloud cloud.google.com/blog/topics/...

1 year ago
CVE-2023-6080: A Case Study on Third-Party Installer Abuse | Google Cloud Blog Mandiant exploited flaws in the Microsoft Software Installer repair action of Lakeside Software's SysTrack installer to obtain arbitrary code execution.

CVE-2023-6080: A Case Study on Third-Party Installer Abuse @googlecloud cloud.google.com/blog/topics/...

1 year ago
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog We've been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.

ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator @googlecloud cloud.google.com/blog/topics/...

1 year ago
The latest Volatility 3 is now available at https://github.com/volatilityfoundation/volatility3/releases

@volatilityfoundation.org New Release: #volatility3 v2.11.0 - visit github.com/volatilityfo... for details and downloads.

#memoryforensics #dfir

1 year ago
New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips I’ve been asked a few times in the past month for tips that I use to troubleshoot YARA-L rules. As I thought about it, I realized this covers a lot of ground because when building detection logic, we ...

New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips www.googlecloudcommunity.com/gc/Community...

1 year ago
XRefer: The Gemini-Assisted Binary Navigator | Google Cloud Blog A Gemini-powered tool to reduce response and triage time when faced with increasingly large and complex malware.

XRefer: The Gemini-Assisted Binary Navigator @googlecloud cloud.google.com/blog/topics/...

1 year ago

cloud.google.com/blog/topics/...

1 year ago

cloud.google.com/blog/topics/...

1 year ago

virustotal.github.io/yara-x/blog/...

1 year ago

yay this feature is built into bluesky yay

1 year ago
AI Enhancing Your Adversarial Emulation | Google Cloud Blog Learn how Mandiant Red Team is using Gemini and LLMs for adversarial emulation and defense.

Nice write-up from Mandiant on some practical use cases for leveraging AI to help red team operations. What are some other use cases y’all are thinking of? cloud.google.com/blog/topics/...

1 year ago
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends | Google Cloud Blog Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild.

The bad guys are moving faster.

Mandiant analyzed 138 vulnerabilities. 97 of them were exploited before patches were available.

#cyber

cloud.google.com/blog/topics/...

1 year ago

Looking for more people to follow on BlueSky? Find the @curatedintel.bsky.social folks here: go.bsky.app/Kfp62Uh

1 year ago

I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR

1 year ago

[Image: two men standing next to each other with the words "we open it up" on the screen]

#PIVOTcon25 registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI #ThreatResearch #ThreatIntel
Please read the whole 🧵 carefully for the rules about invite -> registration (1/5)

1 year ago
Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence | Google Cloud Blog When used for malware analysis, Gemini now has capabilities to address obfuscation, and obtain insights on IOCs.

cloud.google.com/blog/topics/...

1 year ago
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog A campaign targeting Snowflake customer database instances with the intent of data theft and extortion.

#UNC5537 proved to be one of the most consequential threat actors of 2024 when they launched a campaign in April 2024 that systematically compromised misconfigured SaaS instances across over a hundred organizations.

cloud.google.com/blog/topics/...

1 year ago

Hello World

1 year ago