Microsoft Threat Intelligence Podcast

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.  They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting. In this episode you’ll learn:      How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software The role of trust, urgency, and habit in social engineering tactics Practical steps organizations can take to block these threats and strengthen defenses Some questions we ask:     Why are initial access loaders such a big risk for organizations? How are threat actors using fake IT help desk calls to gain access? What steps should defenders take to cut off these entry points? Resources:  View Anna Seitz on LinkedIn View Kelsey Clapp on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Tom Gallagher, VP of Engineering at Microsoft's Security Response Center, discusses the importance of responsible disclosure in cybersecurity and the exciting $5 million Zero Day Quest initiative. Eric Olson, Principal Security Researcher, dives into the explosive evolution of ransomware and social engineering tactics. He highlights the drastic reduction in ransomware dwell times to mere minutes and the emerging threat of AI-enhanced phishing attacks. Together, they emphasize the need for collaboration between researchers and security teams to combat these growing threats.

Aarti Borkar is the VP of Security at Microsoft, focusing on proactive measures, while Simeon Kakpovi tracks crime-based threat actors, and Andrew Rapp specializes in incident response. They discuss how legal tactics disrupt threat actors and the necessity of rehearsed incident response plans. Snow, co-founder of the Social Engineering Community Village at DEF CON, shares her unique journey from special effects to social engineering, emphasizing empathy and creativity as powerful tools in security testing. The conversation highlights the emotional toll on defenders and the evolving nature of cyber threats.

Richard Boscovich, Assistant General Counsel at Microsoft’s Digital Crimes Unit, and Derek Richardson, Principal Investigator at the same unit, dive into the impressive takedown of Lumma Stealer's vast malware network. They discuss innovative legal strategies like the RICO Act and the importance of global collaboration with partners such as Europol. The conversation reveals how Microsoft seized 2,300 domains to protect hundreds of thousands of victims and hints at a new era of persistent cybercrime disruption that may redefine cybersecurity operations.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas.  Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team.  In this episode you’ll learn:       Why skipping talks at DEF CON to join contests and villages can be more valuable  Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions  The importance of connection and niche technical discussions in the hacker community    Some questions we ask:      What advice would you give to someone who has never been to DEF CON?  How does the team plan traps and misdirection in Hacker Jeopardy questions?  What do you think the community should focus on getting out of DEF CON?  Resources:   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Craig Nelson, leader of Microsoft’s elite Red Team and a veteran in simulating real-world attacks, shares pivotal insights on cybersecurity dynamics. He discusses how human behavior can influence security breaches and the importance of collaboration between red and blue teams. Craig explores the impact of AI on attacker tactics and stresses creative thinking in identifying vulnerabilities. He reflects on his journey from the ’90s hacker scene to navigating cloud security challenges, offering valuable advice for aspiring red teamers.

Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit.   The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook.  In this episode you’ll learn:       How targeting attacker techniques is more effective than chasing specific actors  The surprising ways threat actors use AI—for productivity, not just deepfakes  Why North Korean threat actors are building full-blown video games to drop malware  Some questions we ask:      What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry?  Why should cybersecurity professionals read legal indictments?  What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot?  Resources:   View Jeremy Dallman on LinkedIn   View Steven Masada on LinkedIn   View Sherrod DeGrippo on LinkedIn   Bold action against fraud: Disrupting Storm-1152    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required.   This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke!   Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.   In this episode you’ll learn:       What Kauzar V2 malware is and how it enables long-term remote access and data theft  How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating  Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics  Some questions we ask:      Are Russian threat actors adopting cybercriminal tactics like initial access brokers?  How does Kauzar V2 malware function, and why is it significant in this campaign?  What is ClickFix, and how does it differ from typical malware delivery methods?  Resources:   View Henning Rauch on LinkedIn   View Rebecca Light on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn   🕵️‍♀️ Register for the challenge (free!) https://detective.kusto.io/register  🎬 Official trailer featuring Lior Suchard https://youtu.be/sPmTX0ZrnE  🌐 Event homepage (info hub) https://detective.kusto.io  Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Security researchers Anna Seitz and Megan Stalling from Microsoft dive deep into the BadPilot Campaign, revealing its ties to the notorious Seashell Blizzard group. They discuss how this subgroup targets industrial control systems using sneaky tactics like fake Zoom links to lure victims. The conversation highlights the importance of network detection in countering these evolving threats and explores the sophisticated social engineering techniques employed by North Korean hackers. This insightful dialogue uncovers the fascinating intersection of cyber espionage and technological adaptation.

Jamie Williams, a Threat Intelligence Researcher at Unit 42, joins Lauren Proehl, Global Head of Detection and Response at Marsh McLennan, to explore the innovative THOR Collective. They discuss the growing trend of social engineering scams and the importance of humor in InfoSec culture. The duo emphasizes making cybersecurity topics approachable and the value of engaging content in educating the community. They also touch on the role of AI in security and the rise of 'vibe coders,' highlighting the need for responsible tech use and collaboration in tackling cyber threats.