Austin Larsen

Principal Threat Analyst

Leading rapid response and investigations into major global cyber events. Previously Mandiant incident response. Nation-state threats, zero-days, and data extortion campaigns.

Research & Publications

GTIG

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

#unc1069 #dprk #north-korea #supply-chain #npm

GTIG

Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

#data-theft #saas #shinyhunters

GTIG

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

#cve-2025-55182 #react2shell #exploitation #zero-day

GTIG

Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

#zero-day #extortion #oracle

GTIG

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

#data-theft #salesforce #saas

GTIG

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

#unc5537 #snowflake #data-theft #extortion

Mandiant

Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies

#ivanti #lateral-movement #china #unc5325

Mandiant

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

#initial-access #f5 #screenconnect

Mandiant

Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts

#ivanti #zero-day #china #unc5325

Mandiant

Assessed Cyber Structure and Alignments of North Korea in 2023

#dprk #north-korea #apt #attribution

Mandiant

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

#unc4841 #barracuda #zero-day #china

Mandiant

North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack

#dprk #north-korea #supply-chain #jumpcloud

Mandiant

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

#barracuda #zero-day #china #unc4841

Mandiant

SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack

#sim-swapping #azure #cloud

Media