Shane HuntleyVerified account

@ShaneHuntley

Google's Threat Analysis Group. Tweets are my own

Sunnyvale, CA
security.googleblog.com/2018/08/a-remi…
Joined March 2009
27 Photos and videos Photos and videos

Tweets

You blocked @ShaneHuntley

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @ShaneHuntley

  1. Pinned Tweet
    Jan 25

    New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development. Stay safe out there everyone!

    41 replies 1,476 retweets 2,306 likes
    Show this thread
    Show this thread
    Undo
  2. 18 hours ago

    Quips aside, this is all a very complex topic and worth debate. I actually do think we need a more secure world and need to invest heavily in that as a matter of critical urgency. Spies are going to spy though Good intelligence saves lives.

    1 reply 1 retweet 17 likes
    Show this thread
    Show this thread
    Undo
  3. 19 hours ago

    So do the current critics of government cyber offensive technology think that Bletchley Park should have just spent the 1940s just making crypto more secure for everyone?

    14 replies 8 retweets 48 likes
    Show this thread
    Show this thread
    Undo
  4. Feb 5

    I also see this mistake regularly in cyber threat analysis. I've learned to be EXTREMELY skeptical of any opinion or analysis that starts with "Well, if *I* was government hacker...."

    Heuer called this “mirror-imaging”, mistakenly assuming that an adversary thinks like you & you can simply ask 'what would would I do if I was in his shoes': “The US perspective on what is in another country’s national interest is usually irrelevant in intelligence analysis." 5/
    Show this thread
    1 reply 29 likes
    Undo
  5. Feb 5

    (sorry no remote, no DC)

    4 replies 3 likes
    Show this thread
    Show this thread
    Undo
  6. Feb 5

    Looking to hire a great threat analyst to us in Sunnyvale (or Boulder) to analyze and counter government backed threat actors in Google TAG.

    3 replies 43 retweets 63 likes
    Show this thread
    Show this thread
    Undo
  7. Feb 4

    ALL caps should be removed. Australian citizens have a right to return to Australia. Quarantine is a hard but solvable problem especially this many months in. Stop the excuses.

    1 retweet 8 likes
    Undo
  8. Retweeted
    Feb 4

    Today we're publishing root cause analyses for the seven 0-day exploits we discovered in-the-wild in Oct 2020. Chrome, Windows, Safari, & iOS. Great work to Sergei and Mark!

    5 replies 180 retweets 503 likes
    Show this thread
    Show this thread
    Undo
  9. Feb 4

    I strongly believe that almost everyone needs to read more, write more, do more and meet less.

    3 replies 15 likes
    Show this thread
    Show this thread
    Undo
  10. Feb 4

    "endemic problems caused by those 11 layers of management, a culture of perpetual, permanent meetings, a stubborn insistance on creating every possible product no matter what" in *2006* hmmm

    2 replies 2 retweets 12 likes
    Show this thread
    Show this thread
    Undo
  11. Feb 3

    Cool job alert: Senior threat analyst position with YouTube.

    4 replies 38 retweets 71 likes
    Undo
  12. Feb 1

    Yep. My team has a counter disinformation mission but countering misinfo, ie. someone being wrong on the Internet, is not (yet) a threat intel function.

    A useful distinction: Misinformation: incorrect or misleading information. Disinformation: false information deliberately and often covertly spread in order to influence public opinion or obscure the truth. Source: Merriam-Webster dictionary.
    Show this thread
    2 replies 4 retweets 36 likes
    Undo
  13. Jan 30

    I only give one piece of advice to soon-to-be dads: You only get one day to make all the “you weren’t born yesterday” Dad jokes. Make the most of that opportunity before it passes.

    1 reply 1 retweet 45 likes
    Undo
  14. Retweeted
    Jan 28

    Normally security researchers are the ones doing the hunting. This actor was hunting security researchers.

    We're sharing additional details related to the attacks by the threat actor that Microsoft tracks as ZINC targeting security researchers. Read our analysis, and get IoCs, detection and hunting information, and recommended actions and preventive measures:
    3 replies 17 retweets 74 likes
    Show this thread
    Show this thread
    Undo
  15. Retweeted
    Jan 27
    Replying to

    We created a collaborative Graph in VirusTotal with all IOCs (to date) of this campaign, hopefully this will be useful for the security community to work together in this investigation.

    24 retweets 51 likes
    Undo
  16. Retweeted
    Jan 25

    A look at some of the malware mentioned in this Google TAG research. - Two-stage (payload in ProgramData) - AV Check (Kasp, Avast) - Basic Persistence - Multiple C2s per payload More to be done re:C2 comm (unless someone does it first)

    1 reply 97 retweets 213 likes
    Undo
  17. Retweeted
    Jan 25

    Meanwhile, on

    8 replies 109 retweets 453 likes
    Show this thread
    Show this thread
    Undo
  18. Retweeted
    Jan 25

    Loving all these posts from infosec people who have been digging through past communications to find chats with actors now revealed to have been North Korean hackers trying to ensnare security folk

    Not worthy
    5 replies 69 retweets 257 likes
    Show this thread
    Show this thread
    Undo
  19. Retweeted
    Jan 25

    WARNING! I can confirm this is true and I got hit by who sent me a Windows kernel PoC trigger. The vulnerability was real and complex to trigger. Fortunately I only ran it in VM.. in the end the VMDK I was using was actually corrupted and non-bootable, so it self-imploded

    New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development. Stay safe out there everyone!
    Show this thread
    23 replies 487 retweets 1,072 likes
    Show this thread
    Show this thread
    Undo
  20. Jan 25

    These actors have used multiple platforms to communicate with potential targets, including Twitter, LinkedIn, Telegram, Discord, Keybase and email. We are providing a list of known accounts and IOCs in the blog post.

    25 retweets 157 likes
    Show this thread
    Show this thread
    Undo
  21. Jan 25

    In addition to targeting users via social engineering, we have also observed several cases where researchers have been compromised after visiting the actors’ blog. The victim systems were running fully patched and up-to-date Windows 10 and Chrome

    5 replies 40 retweets 179 likes
    Show this thread
    Show this thread
    Undo

@ShaneHuntley hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·