2021: The russian army is 2nd in the world! 2022: The russian army is 2nd in Ukraine! 2023: The russian army is 2nd in russia!

While minor compared to other events happening today, will be watching closely to see how the Prigozhin Info Ops efforts diverge from those more linked directly to Russian military/security services. Previous blog by TAG here on #Prigozhin I/O: blog.google/threat-analysi…

🎯Vlad Stolyarov clem1, Bahare, and I from Google TAG, discovered two new in-the-wild 0-days that were patched today: CVE-2023-36874 and CVE-2023-36884. Big thanks to Microsoft for the quick turn around on patches! 👏🏽 #itw0days msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v…

Today, Mandiant is sharing research on the GRU’s Disruptive Playbook, drawn from insights into GRU’s full-spectrum cyber operations in Ukraine over the past year. mandiant.com/resources/blog…

Check out Gabby Roncone 🇺🇦 🇵🇸 and Dan Black’s latest blog post on the Russian GRU’s playbook in Ukraine based on findings first presented at #HagueTIX2023

Today, Mandiant (part of Google Cloud), collaboratively with Google’s TAG, is releasing research on APT29’s increased pace of phishing activity against governments, foreign embassies, and other diplomatic entities in 2023. A few high-level takeaways below: 🧵 mandiant.com/resources/blog…

APT2⃣9⃣ has had a busy few months, new joint 🤝 work from Google TAGs JA[n] and Mandiant (part of Google Cloud)'s Dan Black Luke Jenkins. Watch out, we're just getting warmed up! mandiant.com/resources/blog…

.Mandiant (part of Google Cloud) researchers observed Russia's APT29, aka Cozy Bear, pursuing governments strategically aligned with Moscow as the threat group ramps up the scope and frequency of its espionage attacks. #cybersecurity #infosec #ITsecurity bit.ly/3LFCUwf

.clem1 discovered another ITW 0-day in use by a commercial surveillance vendor: CVE-2023-5217. Thank you to Chrome for releasing a patch in TWO 🤯day!! chromereleases.googleblog.com/2023/09/stable…

Russia’s Sandworm shifts to Living Off the Land techniques targeting Ukrainian power grid in a long history of attempting to terrorize the Ukrainian population. Mandiant (part of Google Cloud) mandiant.com/resources/blog…

Zimbra 0day targeting 🇬🇷🇲🇩🇹🇳🇻🇳🇵🇰 from earlier this year - used by multiple actors! New post from Google TAGs clem1 Maddie Stone Kristen ! Mind the gap! blog.google/threat-analysi…

APT29 (Midnight Blizzard/Cozy Bear) is targeting German political parties. The SVR has been on a tear lately and their mission of keeping Putin up to date on the West's thinking is especially important at this critical moment in the war. 1/2 mandiant.com/resources/blog…

New report from Mandiant (part of Google Cloud) detailing APT29's expansion of interest beyond diplomatic missions. We judge this to be an early warning signal to other political parties and civil society groups across Europe/the West that they are also in the SVR's sights. mandiant.com/resources/blog…

In their latest blog post Mandiant's Luke Jenkins & Dan Black show how APT29 used a variant of the WINELOADER backdoor to target German political parties with a CDU-themed lure. mandiant.com/resources/blog…

Our latest research on SolarMarker's Multi-tiered Infrastructure recordedfuture.com/exploring-the-… Julian-Ferdinand

Grateful to RUSI for allowing me to share thoughts about the re-focusing of Russia’s cyber campaign to provide battlefield advantages to its conventional forces. Signals from mobile devices have become a prioritized form of targeting intelligence. rusi.org/explore-our-re…

Let’s go ahead and kick this off cloud.google.com/blog/topics/th…

LOOK!!! The #LABScon24 speaker lineup is so fire 🔥🚒🧯 labscon.io/speakers/

🆕🚨 New analysis from Google TAG on suspected APT29 waterholes against 🇲🇳 gov. n-day exploits targeting iOS and Android we first observed in use from commercial surveillance vendors🫢 more details in the blog! awesome work from clem1 and team🤝 blog.google/threat-analysi…

New from Google Threat Intelligence: An actor who may be related to APT29 is abusing ASP to target Russian critics. Collaboration with our good friends The Citizen Lab. More info on the activity and TTP in the blog. cloud.google.com/blog/topics/th…