We are less than a month out! 🦘🚨 The RooCon24 site FAQ is updated to answer more questions we have gotten. If you can't make it please cancel your registration from the website. We are reviewing content and you are all in for a treat 🤯😤 rsvp.withgoogle.com/events/roocon2…

Thanks ⚛️ Marcin Siedlarz, Mathew, and Dan for allowing me present ideas on how CTI can best support the Frontlines at RooCon. It was a great conference at a wonderful venue in a fabulous location City of Sydney

#RooCon24 was a huge success! 🦘 Thanks to all attendees who came out to support the Aussie CTI community. This year went much smoother and we appreciate all the feedback. It's great to see so many people network and come back with incredible collaboration stories.

New Year New Blog Same Threat Actors 👀 cloud.google.com/blog/topics/th… cc: John with more Ivanti-related shenanigans

Another year, another 0-day exploited by China-nexus actors in edge devices. cloud.google.com/blog/topics/th… Great work by my colleagues John and Josh++

Last year, we discovered custom backdoors on Juniper Networks’ Junos OS routers and attributed this to China-nexus espionage group #UNC3886. We recommend organizations to upgrade their Juniper devices and run the JMRT Quick Scan and Integrity Check. bit.ly/3DEDXvJ

Great work showcasing cross team collaboration from our APJ teams #APJams

Is there a ghost in your router? Our new blog outlines how #UNC3886 continues to deploy custom malware ecosystems for long-term access, this time targeting Juniper Networks’ Junos OS routers. 👻👻 Google Cloud cloud.google.com/blog/topics/th…

"GTIG assesses that UNC5221 will continue pursuing zero-day exploitation of edge devices based on their consistent history of success and aggressive operational tempo." If you're not paying attention to this TA then I don't know what to tell you 🤷‍♂️ cloud.google.com/blog/topics/th…

Fresh off the press today is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 that includes two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE. cloud.google.com/blog/topics/th…

🎉 RooCon25 is coming! 🎉 Join us on 5-6 November for our 3rd edition! As one of Australia's key cyber threat intelligence conferences, we're building on past success to make this our best event yet. Our Call for Papers opens in just one week! [1/3]

🦘 RooCon25 Call for Papers is open! 🦘 This is your chance to share your latest insights and help us make RooCon25 the most successful edition to date! We’re waiting for submissions until 22nd of August. Find the CFP submission link and the guidelines at rsvp.withgoogle.com/events/roocon2…

Have you tracked an adversary, uncovered a novel TTP, or perfected an analytic technique? 🕵️‍♂️ The Call for Papers for RooCon25 is open, and while the initial submissions are excellent, we are actively seeking more voices. We are looking for 👉 your voice.

🚨 Final reminder that RooCon25 CFP closes August 22, 2025! 🎟️ Details on guest registration is coming next week so stay tuned for updates! 🦘 🔗 Submit Your RooCon25 Talk at: rsvp.withgoogle.com/events/roocon2…

Get your last minute submissions in!

Get ready! We are excited to announce that RooCon is planned to be a two-day conference this year, on 5-6 November 2025, packed with an amazing agenda of CTI content. 🦘 ⏲️📅 Guest registration will open next week at 0930 AEST on 2 Sep 2025 🧵 #RooCon #RooCon25 #CTI

⏰ Reminder ⏰ RooCon guest registration opens today in about an hour's time! 0930 AEST

👀🦘

🚨🚨🚨🇨🇳 Actors leveraging BRICKSTORM🚨🚨🚨 cloud.google.com/blog/topics/th…

Our team at Mandiant (part of Google Cloud) just published urgent research on an espionage campaign by China-nexus actors using the BRICKSTORM backdoor. They’ve been in victim networks undetected for over a year, targeting tech & legal sectors for IP theft and intel on US trade and national security.