Send Link mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.anu.edu.au/mailman/listinfo/link
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Link digest..."
Today's Topics:
1. Google launches threat disruption unit, wants more
collaboration (Stephen Loosley)
----------------------------------------------------------------------
Message: 1
Date: Tue, 24 Mar 2026 21:04:05 +1030
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] Google launches threat disruption unit, wants more
collaboration
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Google launches threat disruption unit, stops short of calling it ?offensive?
By David DiMolfetta March 23, 2026
https://www.nextgov.com/cybersecurity/2026/03/google-launches-threat-disruption-unit-stops-short-calling-it-offensive/412321/
[The unit will use legal authorizations and technical capabilities to impede
cyber threat groups, though company execs say it will not go so far as to hack
into adversaries' systems.]
SAN FRANCISCO ? Google?s threat intelligence arm officially launched its
anticipated disruptive cyber unit on Monday, which comes as the Trump
administration seeks to create a more offensive, proactive U.S. culture in
cyberspace against foreign hacker groups and cybercriminals.
Company officials notably deemed the unit a defensive operation, however
because it focuses on cutting off the paths hackers rely on to breach systems,
rather than using technical capabilities to hack into other governments? or
foreign firms? computer networks.
The unit was made public in a keynote address delivered at RSAC Conference by
Sandra Joyce, the vice president of Google?s Threat Intelligence Group. ?We?re
now in a position where we can and we must actively shape the outcome of
adversary behaviors,? she said on stage.
Google, like other major tech firms with cybersecurity services, can impede
cyber adversaries by leveraging visibility into and control over widely used
platforms and infrastructure that attackers routinely depend on to stage,
deliver or manage their hacking operations. In recent months, Google has
highlighted a series of intricate takedown efforts, and the announcement,
executives say, is meant to encourage other firms in the cybersecurity and tech
community to adopt a culture of proactive disruption.
?The private sector operates the very infrastructure that adversaries abuse,?
Joyce said. ?This gives us a unique vantage point of the technical capabilities
that government agencies sometimes don?t have, and disrupting threat actors
must become the status quo in our industry.?
The announcement dovetails with the release of the Trump administration?s
national cyber strategy, which has focused, in part, on crafting a more
offensive culture among U.S. cyber warriors and their private sector
counterparts.
But Sean Cairncross, the White House cyber czar, made it clear earlier this
month that he doesn?t want private sector firms hacking on behalf of the
government. Joyce, in a similar fashion, said the unit is not a ?hacking back?
initiative, but makes ?legal and ethical use of intelligence to protect our own
platforms.?
Those legal actions include the practice of getting court orders to take down
certain web infrastructure being used by hackers. Other aspects of the unit?s
modus operandi include publicly exposing hacking groups, taking down their
infrastructure and driving product improvements to prevent hackers from
attempting further intrusions.
?I think people have had it,? John Hultquist, the company?s chief threat
analyst, told reporters of the choice to launch the unit now after years of
related efforts involving law enforcement takedowns of hacker infrastructure.
?What we?re talking about is ? can we deny the adversary the resources it needs
to get between the water and the castle??
?It?s not just about disabling things within the Google ecosystem,? added
Charles Carmakal, the chief technology officer at Google subsidiary Mandiant.
?We?re doing this in a way where we want to get more and more collaboration
with other partners, so that the disruption is much broader and more impactful
to the adversary.?
--
------------------------------
Subject: Digest Footer
_______________________________________________
Link mailing list
[email protected]
https://mailman.anu.edu.au/mailman/listinfo/link
------------------------------
End of Link Digest, Vol 400, Issue 14
*************************************
