Federation abuse by Storm‑0501

To kick off Season 3 of Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Jonathan Checchi.  

Our guests examine two developments shaping today’s threat landscape: the cloud-native evolution of ransomware group Storm-0501 and the SesameOp backdoor’s abuse of trusted AI platforms for stealthy command-and-control. The discussion highlights how identity, hybrid-cloud pivot points, and federated authentication enable high-impact attacks without traditional malware, and why policy-compliant platform abuse is becoming harder to detect.  

Sherrod, Anna, and Jonathan provide guidance for defenders around enforcing MFA, tightening conditional access and identity controls, monitoring across cloud and on-prem environments, and partnering with platform providers to disrupt emerging attacker tradecraft. 

In this episode you’ll learn:      

• What happens when threat actors gain control of highly privileged identities 

• Why monitoring identity behavior is as critical as monitoring endpoints 

• How attacker tactics are adapting to environments that blend cloud and on-prem systems 

 Some questions we ask:     

• What does recent threat activity tell us about where the landscape is headed? 

• How is Storm-0501 using federated authentication in their operations? 

• What should security teams focus on as AI becomes more integrated into systems? 

Resources:  

• View Anna Seitz on LinkedIn  

• View Sherrod DeGrippo on LinkedIn  

 Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 

• The BlueHat Podcast 

• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.