We first introduced the term “Premier Pass” during my talk at @pivot_con — describing a trend of advanced collaboration among China-aligned APT groups like Earth Estries & Earth Naga.
Today, we published a blog post that explores the concept in depth.
https://t.co/vgIq4IFGJ9
#ESETresearch has discovered a supply-chain attack targeting stock investors in 🇻🇳Vietnam, distributing SPECTRALVIPER through the update mechanism of the FireAnt Metakit stock investment platform. https://t.co/kquAp6fM8b 1/4
‼️At the end of last year, there was a series of coordinated attacks in Polish cyberspace.
📌Today, our team is publishing a report describing the technical analysis of these events. We show the scheme of operation and the tools used by the attackers.
➡️https://t.co/A7EuPsL12h
You asked for our traditional #CfP meme-guideline for #PIVOTcon26 - here it is 🥳🎉
Reminder:
- one track, 30m
- no recording/streaming/tweeting.
- No TLP:WHITE
- Original content only
#CTI #ThreatIntel #ThreatResearch 1/7
🔎Our CERT is releasing a new technical report on 🇰🇵Operation #DreamJob, focusing on recent evolution in its tooling.
Following an IR engagement at a large manufacturing client based in 🇪🇺, we investigated artefacts we attribute to #UNC2970.
➡️Full blog: https://t.co/o8px0jZmfc
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. @0xfmz https://t.co/7ZaOFdA9ZB 1/5
#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷 https://t.co/O5LJfr5JlT
Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐
We disrupted a highly sophisticated AI-led espionage campaign.
The attack targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We assess with high confidence that the threat actor was a Chinese state-sponsored group.
Awesome new threat report from Google Threat Intel Group documenting how threat actors are leveraging Gemini. A lot of information and actionable available in the report! Great work 👌
https://t.co/0ktEQbUhmq
Some additional details emerge about the F5 breach: the hackers were in the company's network for at least 12 months, according to people familiar with the investigation. F5 sent customers on Wednesday a threat hunting guide for Brickstorm, which is leveraged by the UNC5221 Chinese APT group. BTW, 12 months is just a bit short of the 393 days that is the average dwell time for UNC5221. Story by Patrick Howell O'Neill and colleagues: https://t.co/9PyeJQjaBd
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
#ESETresearch’s Matthieu Faou and Zoltán Rusnák will present at Labscon 2025 @labscon_io: “Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine”. Join them in Scottsdale, September 19 at 11:00 AM MST. 1/3
The Great Firewall of China (GFW) today experienced the largest internal document leak in its history. More than 500GB of source code, work logs, and internal communications have been exposed, revealing details about the development and operation of the GFW.
The leak originated from a core technical force — Geedge Networks (with chief scientist Fang Binxing) and the MESA Lab in the Institute of Information Engineering, Chinese Academy of Sciences.
The company not only provides services to local governments in Xinjiang, Jiangsu, and Fujian, but also exports censorship and surveillance technology to countries such as Myanmar, Pakistan, Ethiopia, and Kazakhstan under the “Belt and Road” framework.
Due to the massive volume of material, GFW Report will continue analyzing and updating on this page:
https://t.co/HgzRJbcTls
QUANTUMSTRAND beta 1 released: built for analysts to quickly understand *where* strings are, *what* they might be, and *how* important they are, without getting lost in a sea of undifferentiated text.
Thanks @m_r_tz and the crew at @Mandiant FLARE
https://t.co/IKMi5fNM13
Blog for ToolShell
Disclaimer: The content of this blog is provided for educational and informational purposes only.
https://t.co/gT0aoKXkig
#SharePoint #ToolShell