Threat Landscape Update on Grandoreiro and Luna Tempest

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by two of MSTIC’s finest analysts. They discuss recent trends in financially motivated cyber threats observed by Microsoft, focusing particularly on two cases: the Grandoreiro banking Trojan and the Luna Tempest crimeware actor. The Grandoreiro Trojan, active since 2017, has expanded globally beyond its initial Latin American focus, now targeting countries like the U.S. and the UK. This Trojan typically starts with phishing emails to steal financial information. Despite efforts to disrupt this activity, new clusters have emerged. The discussion also covers Luna Tempest, a U.S.- and UK-based extortion group targeting startups and smaller companies, particularly in sectors like insurance, FinTech, and biotech, seeking high payouts by threatening to release sensitive data. 

In this episode you’ll learn:      

• The resilience and adaptability of threat actors in response to global disruption efforts 
• Why Luna Tempest focuses solely on extortion without deploying ransomware 
• How the Grandoreiro Banking Trojan has expanded globally  

Some questions we ask:     

• How do we distinguish between the various threat actor groups and their malware? 
• What can businesses do to protect themselves from identity-based attacks? 
• Have these cybercriminals perfected an extortion program? 

Resources:  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.