Austin Larsen

Principal Threat Analyst

Leading rapid response and investigations into major global cyber events. Previously Mandiant incident response. Nation-state threats, zero-days, and data extortion campaigns.

Research Blog
austin@threat-intel ~ %

// latest

Recent Posts

New Site, Who Dis

Launching my new personal site, built with Astro and deployed on Cloudflare Pages.

meta

// publications

Research & Publications

GTIG

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

#unc1069#dprk#north-korea#supply-chain#npm
GTIG

Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

#data-theft#saas#shinyhunters
GTIG

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

#cve-2025-55182#react2shell#exploitation#zero-day
GTIG

Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

#zero-day#extortion#oracle
GTIG

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

#data-theft#salesforce#saas
GTIG

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

#unc5537#snowflake#data-theft#extortion
Mandiant

Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies

#ivanti#lateral-movement#china#unc5325
Mandiant

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

#initial-access#f5#screenconnect
Mandiant

Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts

#ivanti#zero-day#china#unc5325
Mandiant

Assessed Cyber Structure and Alignments of North Korea in 2023

#dprk#north-korea#apt#attribution
Mandiant

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

#unc4841#barracuda#zero-day#china
Mandiant

North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack

#dprk#north-korea#supply-chain#jumpcloud
Mandiant

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

#barracuda#zero-day#china#unc4841
Mandiant

SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack

#sim-swapping#azure#cloud

// conferences

Talks & Presentations

RooCon

RooCon
Cyber Defense Summit

Cyber Defense Summit
Cyber Summit Korea

Cyber Summit Korea
RooCon

RooCon
mWISE

mWISE
LABScon

LABScon
BSides Boulder

BSides Boulder
CARO Workshop

CARO Workshop
HTCIA International Conference

HTCIA International Conference
LABScon

LABScon
RooCon

RooCon

// press & coverage

Media

북한 사이버 공격, AI로 더 똑똑해졌다 — 구글이 경고한 3가지는?

Austin sat down with Korea's Digital Daily to warn that North Korean cyber actors are leveraging AI to conduct IT employment fraud, intelligence gathering, and post-compromise operations at scale — including using deepfakes, LLMs, and custom malware enhancements.

Digital Daily interview

북한 사이버 공격, AI로 더 똑똑해졌다 — 구글이 경고한 3가지는?
CyberScoop50 Award

Austin was named one of the top 50 most influential people in cybersecurity for 2024.

CyberScoop award

CyberScoop50 Award
How the FBI and Mandiant caught a serial hacker who tried to fake his own death

Austin's work at Mandiant was central to tracking a serial hacker who faked his own death to evade law enforcement.

TechCrunch feature

How the FBI and Mandiant caught a serial hacker who tried to fake his own death
The Walls Are Closing In on the Snowflake Hacker

Austin's investigation into UNC5537 helped build the case that closed in on the Snowflake hacker.

404 Media feature

The Walls Are Closing In on the Snowflake Hacker
China hacking claims: Google Mandiant

Austin published research on UNC4841, the China-linked actor behind the Barracuda ESG zero-day, which prompted a direct response from China's Foreign Ministry calling the findings far-fetched and unprofessional.

Fortune quote

China hacking claims: Google Mandiant