John (@big_bad_w0lf_) Twitter Tweets • TwiCopy

RooCon

a year ago

#RooCon24 was a huge success! 🦘 Thanks to all attendees who came out to support the Aussie CTI community. This year went much smoother and we appreciate all the feedback. It's great to see so many people network and come back with incredible collaboration stories.

thumb_up_off_alt17

chat_bubble_outline1

repeat3

shareShare

John

@big_bad_w0lf_

a year ago

Throw this on a Hilux, call it bud light platinum

thumb_up_off_alt9

chat_bubble_outline1

repeat0

shareShare

Josh++

@josh_murchie

a year ago

New Year New Blog Same Threat Actors 👀 cloud.google.com/blog/topics/th… cc: John with more Ivanti-related shenanigans

thumb_up_off_alt17

chat_bubble_outline0

repeat8

shareShare

Dan Perez

@mrdanperez

a year ago

👀🚨Ivanti Connect Secure VPN Zero Day🚨👀 cloud.google.com/blog/topics/th…

thumb_up_off_alt17

chat_bubble_outline0

repeat5

shareShare

Mathew

@mittypk

a year ago

Another year, another 0-day exploited by China-nexus actors in edge devices. cloud.google.com/blog/topics/th… Great work by my colleagues John and Josh++

thumb_up_off_alt26

chat_bubble_outline0

repeat8

shareShare

Josh++

@josh_murchie

a year ago

John

thumb_up_off_alt24

chat_bubble_outline2

repeat4

shareShare

nick

@3drailforensics

a year ago

This is Frontline Intel Operations in action #FIO

thumb_up_off_alt15

chat_bubble_outline0

repeat4

shareShare

780th Military Intelligence Brigade (Cyber)

@780thc

a year ago

Mandiant has previously only observed the deployment of the SPAWN ecosystem of malware on Ivanti Connect Secure appliances by UNC5337, a China-nexus cluster of espionage activity | cloud.google.com/blog/topics/th… Mandiant (part of Google Cloud)

thumb_up_off_alt56

chat_bubble_outline0

repeat27

shareShare

nick

@3drailforensics

9 months ago

Reinforced with Frontline Intelligence Operations #FIO real world events....

thumb_up_off_alt3

chat_bubble_outline0

repeat2

shareShare

Dan Perez

@mrdanperez

9 months ago

🚨UNC3886 🇨🇳 Deploying Custom Malware to Juniper Junos OS Router🚨 👀 and ensure you are keeping your devices up to date!

thumb_up_off_alt27

chat_bubble_outline1

repeat5

shareShare

⚛️ Marcin Siedlarz

@siedlmar

9 months ago

Great work showcasing cross team collaboration from our APJ teams #APJams

thumb_up_off_alt19

chat_bubble_outline0

repeat4

shareShare

John

@big_bad_w0lf_

9 months ago

🔥 new blog covering recent UNC3886 ops. Massive S/O to all the authors for dropping such a great blog.

thumb_up_off_alt26

chat_bubble_outline0

repeat6

shareShare

Josh++

@josh_murchie

8 months ago

"GTIG assesses that UNC5221 will continue pursuing zero-day exploitation of edge devices based on their consistent history of success and aggressive operational tempo." If you're not paying attention to this TA then I don't know what to tell you 🤷‍♂️ cloud.google.com/blog/topics/th…

thumb_up_off_alt20

chat_bubble_outline1

repeat11

shareShare

John

@big_bad_w0lf_

8 months ago

Fresh off the press today is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 that includes two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE. cloud.google.com/blog/topics/th…

thumb_up_off_alt29

chat_bubble_outline0

repeat7

shareShare

Dan Perez

@mrdanperez

6 months ago

Thus far we've not seen KRABDRIP in association with UNC5221 activity.

thumb_up_off_alt10

chat_bubble_outline2

repeat4

shareShare

Dan Perez

@mrdanperez

2 months ago

🚨🚨🚨🇨🇳 Actors leveraging BRICKSTORM🚨🚨🚨 cloud.google.com/blog/topics/th…

thumb_up_off_alt50

chat_bubble_outline2

repeat16

shareShare

Sarah Yoder

@sarah__yoder

2 months ago

Earlier this year, I worked one the most interesting and complex IRs of my career. The malware and techniques from that case turned out to be key TTPs observed in multiple subsequent UNC5221 cases! cloud.google.com/blog/topics/th…

thumb_up_off_alt137

chat_bubble_outline3

repeat29

shareShare