Austin Larsen

Bio

Austin Larsen is a Principal Threat Analyst with the Google Threat Intelligence Group (GTIG), where he leads investigations into the most impactful cyber events. From zero-day exploits and supply chain attacks to large-scale extortion operations, he drives coordination between internal teams, industry partners, and law enforcement to investigate, attribute, and disrupt adversaries.

Most recently, he coordinated the investigation into the Axios and TeamPCP cascading supply chain attacks. Previously, he led the investigation into UNC5537, the threat actor behind the Snowflake customer data extortion campaign, an effort critical in protecting hundreds of organizations across the telecommunications, finance, and retail sectors. Earlier at Mandiant, he led the response to UNC4841, a China-nexus campaign targeting Barracuda Email Security Gateways. That work was later cited in the U.S.-China Economic and Security Review Commission's Annual Report to Congress, directly informing national security policy.

Austin's work, spanning major investigations like Snowflake (UNC5537), FreeRadical, members of Scattered Spider (UNC3944), and various nation-state actors, has resulted in criminal arrests, public attributions, and responses from foreign governments. At Mandiant, he also ran the firm's victim notification program in the western United States, coordinating over 1,000 notifications to impacted organizations and briefing U.S. and allied government partners. Beyond these high-impact investigations, he spends time researching emerging cybercriminal groups, such as UNC6783, a cluster compromising business process outsourcers to reach and extort high-value downstream customers.