Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

33 snips

Jul 26, 2025

In this engaging discussion, Kristopher Russo, a principal threat researcher at Unit 42, and Sam Rubin, the head of Unit 42 with over 20 years of cyber expertise, delve into the rising threat posed by the Muddled Libra group. They explore the shift to destructive extortion tactics and cloud-first strategies that make traditional defenses obsolete. Real-world examples emphasize the need for robust cybersecurity measures, including a focus on zero trust principles and enhancing internal trust models to combat today's sophisticated threats.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Muddled Libra Evolution and Tactics

Muddled Libra evolved from a small crypto-focused group to modular teams targeting diverse objectives like ransomware and phishing.
They rely heavily on social engineering, especially targeting humans as the hardest-to-patch operating system.

ADVICE

Block Muddled Libra with Conditional Access

Implement strong conditional access policies to block attackers even if they gain initial access via social engineering.
Use zero trust principles like least privilege and identity management tools to enforce layered defenses.

ANECDOTE

Help Desk Duped but Stopped

In one Muddled Libra incident, help desk staff unknowingly aided attackers but were blocked by conditional access.
Despite being duped, even attackers couldn't bypass multi-factor controls, highlighting their effectiveness.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage.

Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group’s shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic advice, and insights from the front lines, this episode helps defenders understand today’s threat landscape and what’s coming next.

Join the conversation on our social media channels:

Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠
YouTube: @paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com

Learn more about your ad choices. Visit megaphone.fm/adchoices