‧₊˚ ⋅ Indie Comfy VTuber
⊹˚. Employed Threat Intel Researcher
♡‧₊˚ SV Cover Artist
✧・゚https://azaka.fun
*:・˚ @jamama_666 / @MomoiroKohi / @justNovaj / #artsyaz
Links: https://links.azaka.fun/
Verification: https://twittodon.com/share.php?t=AzakaSekai_&[email protected]
Twitch: https://twitch.tv/azakasekai

I have no idea when Virus Bulletin uploaded our paper - but here it is: our talk from last September at VB2025, where we talked about how an APT41-adjacent group started using Google Calendar C2 as part of their espionage operation.

https://www.virusbulletin.com/uploads/pdf/conference/vb2025/slides/Slides-Google-Calendar-as-C2-Infrastructure-A%20-China-nexus-Campaign-with-Stealthy-Tactics.pdf
https://www.virusbulletin.com/uploads/pdf/conference/vb2025/papers/Google-Calendar-as-C2-infrastructure-a-China-nexus-campaign-with-stealthy-tactics.pdf

guh I should probably update the profile here
Happy Mid-Autumn Festival to those who celebrate it! I'm gonna use next Monday off to get my sleep schedule fixed 🛏️

The Taiwan Ministry of Digital Affairs (MoDA) has issued a press release today stating that MoDA was made aware of CHT's improper conduct in March, and has since begun migrating to another Root CA provider (possibly Taiwan CA, another major Root CA that has worked with TW governments).

Meanwhile, CHT has also published a statement and is attempting to downplay the situation by claiming "only" Chrome is affected and none of the other browsers like Apple's and Microsoft's (curiously, Firefox was not explicitly mentioned), and that they are "attempting to work with Chrome to get Root CA trust back in March 2026."

Source:
https://newtalk.tw/news/view/2025-06-03/974334
https://www.cht.com.tw/home/enterprise/news/latest-news/2025/0602-1810

It appears there have been numerous compliance failures noted on Mozilla's buglist alone in the last few years. It appears some weren't taking too kindly to certain of CHT's resolutions and their constant mistakes in recent years.

Effective July 31st, two major Root CAs used by Chunghwa Telecom will no longer be trusted on Chrome 139 and higher. Chunghwa Telecom is the largest telecommunication company responsible for Taiwan's network infrastructure, and their root CA is used to sign certificates used by major Taiwanese government websites.

Google cited "compliance failures, unmet improvement commitments and the absence of tangible, measurable progress in response to publicly disclosed incident reports."

Solved, it's Tuoni https://docs.shelldot.com

Is anyone familiar with this kind of file name? Looks like it's generated from some sort of C2 framework but I'm not sure what. #threathunting
Just to be clear, it's not like any vendor, including us, holds exclusive rights to present anything. TAG hasn't done anything wrong - but it sours the mood a little when this is published just a few weeks after our talk embargo was lifted.
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
You're joking, TAG completely spoiled our VB2025 talk AAAAA