780th Military Intelligence Brigade (Cyber)
@780thmibdecyber.bsky.social
Official Bluesky page of the 780th Military Intelligence Brigade (Cyber). The Army's only offensive cyberspace operations brigade (following, re-posts, and links ≠ endorsement).
Pinned
"Ubique Et Semper In Pugna" Latin for "Everywhere and always fighting" – We don't talk about what we do nor who we are in a cyber 'knife fight' with; however, we are "Everywhere and Always...In the Fight!" We are the only offensive cyberspace operations brigade in the U.S. Army.
Koi Security | DarkSpectre – a Chinese threat actor behind at least three major malware campaigns infecting over 8.8 million users in over 7 years of operation.
www.koi.ai/blog/darkspe...
www.koi.ai/blog/darkspe...
DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers
Koi researchers uncovered Dark Spectre — a Chinese threat actor behind three malware campaigns infecting 8.8 million users over 7 years. See how we connected ShadyPanda, GhostPoster, and The Zoom Stea...
www.koi.ai
December 31, 2025 at 3:57 PM
Koi Security | DarkSpectre – a Chinese threat actor behind at least three major malware campaigns infecting over 8.8 million users in over 7 years of operation.
www.koi.ai/blog/darkspe...
www.koi.ai/blog/darkspe...
Security Affairs: China-linked APT Mustang Panda was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. securityaffairs.com/186318/secur...
Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver
China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor.
securityaffairs.com
December 31, 2025 at 3:52 PM
Security Affairs: China-linked APT Mustang Panda was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. securityaffairs.com/186318/secur...
Disrupting Iran’s UAV Proliferation to Venezuela and Iran’s Weapons Programs | The United States is sanctioning ten entities and individuals based in Iran and Venezuela. www.state.gov/releases/off... @state-department.bsky.social
Disrupting Iran’s UAV Proliferation to Venezuela and Iran’s Weapons Programs - United States Department of State
Today, the United States is sanctioning ten entities and individuals based in Iran and Venezuela. These designations include a Venezuelan company that has contributed to the sale of millions of dolla...
www.state.gov
December 31, 2025 at 10:58 AM
Disrupting Iran’s UAV Proliferation to Venezuela and Iran’s Weapons Programs | The United States is sanctioning ten entities and individuals based in Iran and Venezuela. www.state.gov/releases/off... @state-department.bsky.social
NPR: Undercover documentary reveals Russia’s propaganda efforts after invasion of Ukraine | www.npr.org/2025/12/30/n... @npr.org
Undercover documentary reveals Russia's propaganda efforts after invasion of Ukraine
"Mr. Nobody Against Putin," a film made secretly by a teacher in Russia, shows the propaganda efforts in a country at war.
www.npr.org
December 30, 2025 at 1:07 PM
NPR: Undercover documentary reveals Russia’s propaganda efforts after invasion of Ukraine | www.npr.org/2025/12/30/n... @npr.org
Inside China’s Shadow LNG Fleet Offering a Lifeline to Putin | A clandestine operation involving shell companies and high-seas maneuvers is keeping the Sino-Russian energy trade afloat. www.bloomberg.com/graphics/202... @bloomberg.com
China and Russia’s Shadow Fleet Delivers Putin a Gas Lifeline
A clandestine operation involving shell corporations and high-seas maneuvers keeps the Sino-Russian energy trade alive.
www.bloomberg.com
December 30, 2025 at 1:06 PM
Inside China’s Shadow LNG Fleet Offering a Lifeline to Putin | A clandestine operation involving shell companies and high-seas maneuvers is keeping the Sino-Russian energy trade afloat. www.bloomberg.com/graphics/202... @bloomberg.com
The Cyber Deterrence Dilemma: Parallels Between Cyber and Intelligence Special Operations
Joint Force Quarterly 119, National Defense University | ndupress.ndu.edu/Media/News/N...
Joint Force Quarterly 119, National Defense University | ndupress.ndu.edu/Media/News/N...
ndupress.ndu.edu
December 30, 2025 at 1:03 PM
The Cyber Deterrence Dilemma: Parallels Between Cyber and Intelligence Special Operations
Joint Force Quarterly 119, National Defense University | ndupress.ndu.edu/Media/News/N...
Joint Force Quarterly 119, National Defense University | ndupress.ndu.edu/Media/News/N...
The War Zone: The message is clear, China is making it known that it could, and likely will, turn ships from its behemoth of a commercial fleet into not just shooters, but arsenal ships. www.twz.com/sea/chinese-...
Chinese Cargo Ship Packed Full Of Modular Missile Launchers Emerges
China has packed a deck of a medium-sized cargo ship with 60 containerized vertical launch cells, radar, and close-in weapons.
www.twz.com
December 29, 2025 at 1:38 PM
The War Zone: The message is clear, China is making it known that it could, and likely will, turn ships from its behemoth of a commercial fleet into not just shooters, but arsenal ships. www.twz.com/sea/chinese-...
Annual Report to Congress: Military and Security Developments Involving the People's Republic of China 2025 | media.defense.gov/2025/Dec/23/...
media.defense.gov
December 24, 2025 at 1:52 PM
Annual Report to Congress: Military and Security Developments Involving the People's Republic of China 2025 | media.defense.gov/2025/Dec/23/...
North Korean agents are trying to infiltrate Amazon, chief security officer says
@nbcnews.com
www.nbcnews.com/world/north-...
@nbcnews.com
www.nbcnews.com/world/north-...
North Korean agents are trying to infiltrate Amazon, chief security officer says
“Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime’s weapons programs,” Stephen Schmidt wrote.
www.nbcnews.com
December 24, 2025 at 1:48 PM
North Korean agents are trying to infiltrate Amazon, chief security officer says
@nbcnews.com
www.nbcnews.com/world/north-...
@nbcnews.com
www.nbcnews.com/world/north-...
CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack
@DragosInc
hub.dragos.com/hubfs/116-Wh...
@DragosInc
hub.dragos.com/hubfs/116-Wh...
hub.dragos.com
December 24, 2025 at 1:47 PM
CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack
@DragosInc
hub.dragos.com/hubfs/116-Wh...
@DragosInc
hub.dragos.com/hubfs/116-Wh...
Russia is responsible for destructive and disruptive cyberattacks against Denmark | www.fe-ddis.dk/da/nyheder/2...
Rusland er ansvarlig for destruktive og forstyrrende cyberangreb mod Danmark
FE vurderer, at Rusland stod bag et destruktivt cyberangreb mod et dansk vandværk i 2024 samt overbelastningsangreb mod danske hjemmesider op til kommunal- og regionsrådsvalget i 2025.
www.fe-ddis.dk
December 24, 2025 at 1:44 PM
Russia is responsible for destructive and disruptive cyberattacks against Denmark | www.fe-ddis.dk/da/nyheder/2...
China–Cartel Nexus: The Liquidity Architecture Transforming the Global Drug Economy
December 19, 2025, New Lines Institute | D.C. Think Tank
newlinesinstitute.org/state-resili...
December 19, 2025, New Lines Institute | D.C. Think Tank
newlinesinstitute.org/state-resili...
China–Cartel Nexus: The Liquidity Architecture Transforming the Global Drug Economy - New Lines Institute
Chinese money-laundering networks (CMLNs) have quietly become the financial engine of Latin America’s drug cartels. What once appeared as isolated headlines – Chinese gambling junkets washing millions...
newlinesinstitute.org
December 19, 2025 at 1:42 PM
China–Cartel Nexus: The Liquidity Architecture Transforming the Global Drug Economy
December 19, 2025, New Lines Institute | D.C. Think Tank
newlinesinstitute.org/state-resili...
December 19, 2025, New Lines Institute | D.C. Think Tank
newlinesinstitute.org/state-resili...
The Kremlin’s brazen tactics: Russia’s shadow fleet is doubling as a spy asset, intelligence sources say
CNN
www.cnn.com/2025/12/18/e...
@cnn.com
CNN
www.cnn.com/2025/12/18/e...
@cnn.com
The Kremlin’s brazen tactics: Russia’s shadow fleet is doubling as a spy asset, intelligence sources say | CNN
Russian personnel with links to the country’s military and security services have engaged in spying in European waters while working covertly on ships carrying Russian oil, Western and Ukrainian intel...
www.cnn.com
December 19, 2025 at 1:39 PM
The Kremlin’s brazen tactics: Russia’s shadow fleet is doubling as a spy asset, intelligence sources say
CNN
www.cnn.com/2025/12/18/e...
@cnn.com
CNN
www.cnn.com/2025/12/18/e...
@cnn.com
The Danish government has accused Russia of being behind two “destructive and disruptive” cyber-attacks in what it describes as “very clear evidence” of a hybrid war. www.theguardian.com/world/2025/d... @theguardian.com
Denmark says Russia was behind two ‘destructive and disruptive’ cyber-attacks
Intelligence service says attacks were work of groups connected to Russian state in ‘clear evidence’ of hybrid war
www.theguardian.com
December 19, 2025 at 1:35 PM
The Danish government has accused Russia of being behind two “destructive and disruptive” cyber-attacks in what it describes as “very clear evidence” of a hybrid war. www.theguardian.com/world/2025/d... @theguardian.com
Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns
Acronis Threat Research Unit
www.acronis.com/en/tru/posts...
Acronis Threat Research Unit
www.acronis.com/en/tru/posts...
Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns
Acronis TRU and Hunt.io conduct investigation into Lazarus and Kimsuky infrastructure used in new campaigns.
www.acronis.com
December 19, 2025 at 1:34 PM
Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns
Acronis Threat Research Unit
www.acronis.com/en/tru/posts...
Acronis Threat Research Unit
www.acronis.com/en/tru/posts...
North Korea Drives Record $2 Billion Crypto Theft Year, Pushing All-Time Total to $6.75 Billion
Chainalysis Team
www.chainalysis.com/blog/crypto-... @chainalysis.bsky.social
Chainalysis Team
www.chainalysis.com/blog/crypto-... @chainalysis.bsky.social
2025 Crypto Theft Reaches $3.4 Billion
North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase, pushing their all-time total to $6.75 billion.
www.chainalysis.com
December 19, 2025 at 1:32 PM
North Korea Drives Record $2 Billion Crypto Theft Year, Pushing All-Time Total to $6.75 Billion
Chainalysis Team
www.chainalysis.com/blog/crypto-... @chainalysis.bsky.social
Chainalysis Team
www.chainalysis.com/blog/crypto-... @chainalysis.bsky.social
Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope
SafeBreach
www.safebreach.com/blog/prince-...
SafeBreach
www.safebreach.com/blog/prince-...
Unmasking the Evolving Iranian Prince of Persia | SafeBreach
New research unmasks the evolving Iranian "Prince of Persia" APT, detailing new Tonnerre v50 malware, C2 shift to Telegram, and increased scale.
www.safebreach.com
December 19, 2025 at 1:30 PM
Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope
SafeBreach
www.safebreach.com/blog/prince-...
SafeBreach
www.safebreach.com/blog/prince-...
Amazon Caught North Korean IT Worker By Tracing Keystroke Data |
www.bloomberg.com/news/newslet...
@bloomberg.com
www.bloomberg.com/news/newslet...
@bloomberg.com
Amazon Caught North Korean IT Worker By Tracing Keystroke Data
Security personnel tracked connections from a contractor.
www.bloomberg.com
December 19, 2025 at 11:29 AM
Amazon Caught North Korean IT Worker By Tracing Keystroke Data |
www.bloomberg.com/news/newslet...
@bloomberg.com
www.bloomberg.com/news/newslet...
@bloomberg.com
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions.
www.welivesecurity.com
December 19, 2025 at 11:23 AM
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
December 18, 2025, The Hacker News
thehackernews.com/2025/12/kims...
December 18, 2025, The Hacker News
thehackernews.com/2025/12/kims...
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
North Korean group Kimsuky uses QR code phishing sites posing as CJ Logistics to spread DocSwap Android malware with RAT capabilities.
thehackernews.com
December 18, 2025 at 1:58 PM
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
December 18, 2025, The Hacker News
thehackernews.com/2025/12/kims...
December 18, 2025, The Hacker News
thehackernews.com/2025/12/kims...
New BeaverTail Malware Variant Linked to Lazarus Group
December 18, 2025, Infosecurity Magazine
www.infosecurity-magazine.com/news/beavert...
December 18, 2025, Infosecurity Magazine
www.infosecurity-magazine.com/news/beavert...
New BeaverTail Malware Variant Linked to Lazarus Group
A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers
www.infosecurity-magazine.com
December 18, 2025 at 1:57 PM
New BeaverTail Malware Variant Linked to Lazarus Group
December 18, 2025, Infosecurity Magazine
www.infosecurity-magazine.com/news/beavert...
December 18, 2025, Infosecurity Magazine
www.infosecurity-magazine.com/news/beavert...
The Hacker News: North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
thehackernews.com/2025/12/nort...
thehackernews.com/2025/12/nort...
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
Chainalysis reports North Korea-linked hackers stole $2.02B in crypto in 2025, accounting for most global thefts and major exchange breaches.
thehackernews.com
December 18, 2025 at 1:55 PM
The Hacker News: North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
thehackernews.com/2025/12/nort...
thehackernews.com/2025/12/nort...
Google sues alleged Chinese scam group behind massive U.S. text message phishing ring
www.nbcnews.com/tech/securit...
@nbcnews.com
www.nbcnews.com/tech/securit...
@nbcnews.com
Google sues Chinese scam ring over E-ZPass and USPS phishing texts
Google says the group’s tools enabled scammers with little technical skill to impersonate agencies like the IRS and the USPS at a massive scale.
www.nbcnews.com
December 18, 2025 at 1:50 PM
Google sues alleged Chinese scam group behind massive U.S. text message phishing ring
www.nbcnews.com/tech/securit...
@nbcnews.com
www.nbcnews.com/tech/securit...
@nbcnews.com
West now facing threats ‘once considered unimaginable’ from Russia
December 16, 2025, The Washington Examiner
www.washingtonexaminer.com/policy/defen...
December 16, 2025, The Washington Examiner
www.washingtonexaminer.com/policy/defen...
West facing threats 'once considered unimaginable' from Russia
Western countries are facing an "unprecedented volume" of possibly deadly attacks believed to be perpetrated by Russia.
www.washingtonexaminer.com
December 18, 2025 at 1:47 PM
West now facing threats ‘once considered unimaginable’ from Russia
December 16, 2025, The Washington Examiner
www.washingtonexaminer.com/policy/defen...
December 16, 2025, The Washington Examiner
www.washingtonexaminer.com/policy/defen...
Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET. The activity is attributed to the Russian state-sponsored threat group | www.recordedfuture.com/research/blu...
BlueDelta’s Persistent Campaign Against UKR.NET
Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.
www.recordedfuture.com
December 18, 2025 at 12:09 PM
Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET. The activity is attributed to the Russian state-sponsored threat group | www.recordedfuture.com/research/blu...