780th Military Intelligence Brigade (Cyber)
@780thmibdecyber.bsky.social
Official Bluesky page of the 780th Military Intelligence Brigade (Cyber). The Army's only offensive cyberspace operations brigade (following, re-posts, and links ≠ endorsement).
"Ubique Et Semper In Pugna" Latin for "Everywhere and always fighting" – We don't talk about what we do nor who we are in a cyber 'knife fight' with; however, we are "Everywhere and Always...In the Fight!" We are the only offensive cyberspace operations brigade in the U.S. Army.
No further updates to the 780th Military Intelligence Brigade (Cyber) social media accounts until after the government furlough.
October 1, 2025 at 10:22 AM
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
September 30, 2025, Unit 42 | Palo Alto
unit42.paloaltonetworks.com/phantom-taur...
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group's distinctive toolset led to uncovering their existence.
unit42.paloaltonetworks.com
September 30, 2025 at 11:50 AM
American and European officials say China’s Ministry of State Security, the civilian spy agency often called the M.S.S., in particular, has emerged as the driving force behind China’s most sophisticated cyber operations. www.nytimes.com/2025/09/28/w... @nytimes.com
How China’s Secretive Spy Agency Became a Cyber Powerhouse
www.nytimes.com
September 29, 2025 at 11:49 AM
How Russia is Helping China Prepare to Seize Taiwan | The Royal United Services Institute @rusi.bsky.social | www.rusi.org/explore-our-...
How Russia is Helping China Prepare to Seize Taiwan
Russia has agreed to equip and train the PLA to air-drop armoured vehicles and special reconnaissance capabilities.
www.rusi.org
September 29, 2025 at 11:23 AM
The BYTE Vol.13 Issue 4
Lethality: Training and Readiness – Soldiers / NCOs Responsibilities to Training
d34w7g4gy10iej.cloudfront.net/pubs/pdf_753...
#ArmyCyber @armycybercommand.bsky.social
September 26, 2025 at 2:04 PM
Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat | Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations | dti.domaintools.com/inside-salt-... @domaintools.bsky.social
Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat - DomainTools Investigations | DTI
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infra...
dti.domaintools.com
September 25, 2025 at 11:58 AM
Zscaler: COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX | ThreatLabz attributes this campaign with moderate confidence to the Russia-linked APT group, COLDRIVER. www.zscaler.com/blogs/securi... @zscalerinc.bsky.social
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.
www.zscaler.com
September 25, 2025 at 11:55 AM
Unit 42 examines Bookworm, a notable malware family used by Stately Taurus, a Chinese advanced persistent threat (APT) group active since at least 2012. unit42.paloaltonetworks.com/bookworm-to-...
Bookworm to Stately Taurus Using the Unit 42 Attribution Framework
We connect Bookworm malware to Chinese APT Stately Taurus using our attribution framework, enhancing our understanding of threat group tradecraft.
unit42.paloaltonetworks.com
September 25, 2025 at 11:48 AM
ESET: Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social
DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception
ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.
www.welivesecurity.com
September 25, 2025 at 11:43 AM
Recorded Future: RedNovember Targets Government, Defense, and Technology Organizations | TAG-100 is highly likely a Chinese state-sponsored threat activity group. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
September 25, 2025 at 10:37 AM
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | @mandiant.com Google Threat Intelligence Group attribute this activity to UNC5221 and closely related, suspected China-nexus threat clusters | cloud.google.com/blog/topics/...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.
cloud.google.com
September 25, 2025 at 10:08 AM
Silent Push Analyzes New Disinformation Campaign Targeting 2025 Moldovan Elections Connected to Legacy Moscow Influence Campaign | www.silentpush.com/blog/storm-1... @silentpush.bsky.social
Silent Push Analyzes New Disinformation Campaign Targeting 2025 Moldovan Elections Connected to Legacy Moscow Influence Campaign
Silent Push research connects a Moldovan election disinformation campaign and threat actor Storm-1679 with a 2022 Russian propaganda effort.
www.silentpush.com
September 24, 2025 at 12:28 PM
Sanctioned Russian actor linked to new media outlet targeting Moldova | dfrlab.org/2025/09/23/s...
@dfrlab.bsky.social
Sanctioned Russian actor linked to new media outlet targeting Moldova
REST is linked to the Russian threat actor Rybar, which targets EU countries, along with Moldova.
dfrlab.org
September 24, 2025 at 12:24 PM
Unit 42 | Palo Alto - Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign | unit42.paloaltonetworks.com/operation-re...
Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign
SEO poisoning campaign "Operation Rewrite" uses a malicious IIS module called BadIIS to redirect users to unwanted websites.
unit42.paloaltonetworks.com
September 24, 2025 at 12:21 PM
Soldiers and Civilians hosted the first of three Hackathon events to encourage teen interest in STEM (science, technology, engineering, and mathematics) at the Odenton Regional Library, Anne Arundel County Public Library, Sept. 22. www.dvidshub.net/news/549062/...
September 23, 2025 at 6:23 PM
Check Point Research has tracked waves of Nimbus Manticore activity, a mature Iran-nexus APT group, that primarily targets aerospace and defense organizations in the Middle East and Europe. research.checkpoint.com/2025/nimbus-...
Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research
Nimbus Manticore continuously attacks defense, manufacturing, telecommunications, and aviation targets aligned with the IRGC
research.checkpoint.com
September 23, 2025 at 11:24 AM
GitLab Threat Intelligence identified infrastructure used to distribute BeaverTail and InvisibleFerret malware | operated by North Korean nation-state threat actors | gitlab-com.gitlab.io/gl-security/... @gitlab.com
Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure - GitLab Security Tech Notes
gitlab-com.gitlab.io
September 22, 2025 at 12:07 PM
Catalyst | PRODAFT: Subtle Snail (UNC1549) is an Iran-nexus espionage group which recently shifted focus to European telecom, aerospace, and defense organizations. catalyst.prodaft.com/public/repor...
Prodaft CATALYST
catalyst.prodaft.com
September 22, 2025 at 12:00 PM
ESET: Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
www.welivesecurity.com
September 19, 2025 at 11:26 AM
Recorded Future: Insikt Group has observed CopyCop, a Russian covert influence network, creating at least 200 new fictional media websites targeting the United States (US), France, and Canada www.recordedfuture.com/research/cop...
CopyCop Deepens Its Playbook with New Websites and Targets
CopyCop expands Russian influence ops with 300+ fake websites targeting the US, France, Canada & more—using AI, deepfakes, and GRU-backed infrastructure.
www.recordedfuture.com
September 18, 2025 at 12:04 PM
Silent Push Threat Analysts | CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions | “CountLoader” is strongly associated with Russian ransomware gangs. www.silentpush.com/blog/countlo...
@silentpush.bsky.social
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions
Silent Push discovered a new malware loader we're naming “CountLoader.” The threat is served in .NET, PowerShell, and JScript versions.
www.silentpush.com
September 18, 2025 at 12:02 PM
Group-IB | Mapping the Infrastructure and Malware Ecosystem of MuddyWater | MuddyWater is an Iranian state-sponsored Advanced Persistent Threat group. www.group-ib.com/blog/muddywa...
www.group-ib.com
September 17, 2025 at 11:27 AM
Proofpoint | Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | www.proofpoint.com/us/blog/thre... @proofpoint.com
Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels | Proofpoint US
What happened  Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China
www.proofpoint.com
September 17, 2025 at 10:15 AM
Sekoia.io’s Threat Detection and Response team closely monitors APT28 as one of its highest-priority threat actors. APT28 is identified by intelligence services as operated by Russia’s General Staff Main Intelligence Directorate | https://blog.sekoia.io/apt28-operation-phantom-net-voxel/ @sekoia.io
September 16, 2025 at 2:03 PM