Microsoft Threat Intelligence Podcast

Threat Landscape Update on Grandoreiro and Luna Tempest

Jun 5, 2024

Sherrod DeGrippo discusses the Grandoreiro banking Trojan's global expansion and the Luna Tempest extortion group targeting startups. The evolving tactics of threat actors, challenges in disrupting them, and the rise of identity-based attacks are highlighted. Collaboration and industry unity are emphasized in combating cyber threats.

32:58

Creator website

Episode guests

Sherrod DeGrippo

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Grandoreiro banking Trojan has expanded globally targeting US and UK with phishing emails.

Luna Tempest focuses on targeted extortion without ransomware, showing a shift in threat landscape.

Deep dives

Financially Motivated Threats: Grand Oréro Banking Trojan Activity Profile

Microsoft has observed an increase in financially motivated threats, focusing on banking trojans. The Grand Oréro banking Trojan, active since at least 2017, expanded globally in 2024, targeting regions like the UK and Australia. The trojan initiates through phishing emails impersonating trusted sources, leading victims to download malicious files. It operates similarly to older banking trojans like Dana bot, aiming to steal financial data, even adapting to bypass two-factor authentication.

The dual nature of cyber threats: loud and quiet

01:28

Intro

2min

Evolution of Grandoreiro Banking Trojan and Similarities to Older Trojans

5min

Challenges in disrupting financially motivated threat actors

4min

Rising Threats and Intrusions in Cybersecurity

17min

Exploring Dr. Luna Tempest's Targeting Strategies and Collaborative Efforts in Tracking

2min

Reflections on industry collaboration and impact of disruptions

2min

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by two of MSTIC’s finest analysts. They discuss recent trends in financially motivated cyber threats observed by Microsoft, focusing particularly on two cases: the Grandoreiro banking Trojan and the Luna Tempest crimeware actor. The Grandoreiro Trojan, active since 2017, has expanded globally beyond its initial Latin American focus, now targeting countries like the U.S. and the UK. This Trojan typically starts with phishing emails to steal financial information. Despite efforts to disrupt this activity, new clusters have emerged. The discussion also covers Luna Tempest, a U.S.- and UK-based extortion group targeting startups and smaller companies, particularly in sectors like insurance, FinTech, and biotech, seeking high payouts by threatening to release sensitive data.

In this episode you’ll learn:

The resilience and adaptability of threat actors in response to global disruption efforts
Why Luna Tempest focuses solely on extortion without deploying ransomware
How the Grandoreiro Banking Trojan has expanded globally

Some questions we ask:

How do we distinguish between the various threat actor groups and their malware?
What can businesses do to protect themselves from identity-based attacks?
Have these cybercriminals perfected an extortion program?

Resources:

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Microsoft Threat Intelligence Podcast

Threat Landscape Update on Grandoreiro and Luna Tempest

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Financially Motivated Threats: Grand Oréro Banking Trojan Activity Profile

Extortion-Based Threat Actor: Luna Tempest

Collaborative Threat Intelligence Efforts and Community Involvement

The dual nature of cyber threats: loud and quiet

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Microsoft Threat Intelligence Podcast

Threat Landscape Update on Grandoreiro and Luna Tempest

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Financially Motivated Threats: Grand Oréro Banking Trojan Activity Profile

Extortion-Based Threat Actor: Luna Tempest

Collaborative Threat Intelligence Efforts and Community Involvement

The dual nature of cyber threats: loud and quiet

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights