Microsoft Threat Intelligence Podcast cover image

Microsoft Threat Intelligence Podcast

Vanilla Tempest: The Threat Actor Behind Recent Hospital Ransomware Attacks

Oct 23, 2024
32:52
Creator website

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna and Keivan to discuss two prominent threat actors: Vanilla Tempest and Peach Sandstorm. 


Vanilla Tempest, a financially motivated cybercrime group, has been involved in recent ransomware attacks on U.S. hospitals, utilizing various ransomware payloads such as Ink. They are known for using tools like PowerShell scripts and Goot Loader to exfiltrate data and extort victims. Peach Sandstorm, an Iranian nation-state threat actor, focuses on cyber espionage and intelligence collection. They have targeted various sectors, including energy, defense, and critical infrastructure, and have shown increasing sophistication in their attacks. Later, Sherrod speaks with Colton Bremer, a senior security researcher at Microsoft, about his work on the Defender Experts (DEX) team. Colton explains the different tiers of DEX services, which focus on detecting and mitigating advanced threats that may bypass traditional security measures. 


In this episode you’ll learn:      

  • A backdoor called Tickler that uses Azure infrastructure for command and control 
  • The significance of these groups' tactics and maintaining ransomware resiliency 
  • The different tiers of DEX services detecting and mitigating advanced threats 

 

Some questions we ask:    

  • How does Vanilla Tempest typically execute their attacks? 
  • Has Peach Sandstorm evolved over time in their cyber espionage efforts? 
  • What can individuals or organizations do to mitigate cloud identity abuse? 

 

Resources:  

View Colton Bremer on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode