Microsoft Threat Intelligence Podcast

Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit.   The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook.  In this episode you’ll learn:       How targeting attacker techniques is more effective than chasing specific actors  The surprising ways threat actors use AI—for productivity, not just deepfakes  Why North Korean threat actors are building full-blown video games to drop malware  Some questions we ask:      What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry?  Why should cybersecurity professionals read legal indictments?  What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot?  Resources:   View Jeremy Dallman on LinkedIn   View Steven Masada on LinkedIn   View Sherrod DeGrippo on LinkedIn   Bold action against fraud: Disrupting Storm-1152    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required.   This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke!   Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.   In this episode you’ll learn:       What Kauzar V2 malware is and how it enables long-term remote access and data theft  How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating  Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics  Some questions we ask:      Are Russian threat actors adopting cybercriminal tactics like initial access brokers?  How does Kauzar V2 malware function, and why is it significant in this campaign?  What is ClickFix, and how does it differ from typical malware delivery methods?  Resources:   View Henning Rauch on LinkedIn   View Rebecca Light on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn   🕵️‍♀️ Register for the challenge (free!) https://detective.kusto.io/register  🎬 Official trailer featuring Lior Suchard https://youtu.be/sPmTX0ZrnE  🌐 Event homepage (info hub) https://detective.kusto.io  Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Security researchers Anna Seitz and Megan Stalling from Microsoft dive deep into the BadPilot Campaign, revealing its ties to the notorious Seashell Blizzard group. They discuss how this subgroup targets industrial control systems using sneaky tactics like fake Zoom links to lure victims. The conversation highlights the importance of network detection in countering these evolving threats and explores the sophisticated social engineering techniques employed by North Korean hackers. This insightful dialogue uncovers the fascinating intersection of cyber espionage and technological adaptation.

Jamie Williams, a Threat Intelligence Researcher at Unit 42, joins Lauren Proehl, Global Head of Detection and Response at Marsh McLennan, to explore the innovative THOR Collective. They discuss the growing trend of social engineering scams and the importance of humor in InfoSec culture. The duo emphasizes making cybersecurity topics approachable and the value of engaging content in educating the community. They also touch on the role of AI in security and the rise of 'vibe coders,' highlighting the need for responsible tech use and collaboration in tackling cyber threats.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard. Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions. In this episode you’ll learn:      Why threat actors like Star Blizzard are highly resilient and quickly adapting What steps users take to avoid falling victim to mobile malware Challenges of monitoring WhatsApp activity and why this platform has become a target Some questions we ask:      What role do QR codes play in Star Blizzard’s phishing campaigns? Why do you think phishing continues to be the number one access vector? How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions? Resources: View Sarah Pfabe on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security InsiderThe Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft’s incredible journey in cybersecurity. They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft’s approach to tackling cybersecurity challenges. In this episode you’ll learn:      How Microsoft evolved to lead the charge in cloud computing and AI Why Microsoft's security efforts have influenced the broader tech industry The evolution of Microsoft’s security, from XP Service Pack 2 to the Secure Future Initiative Some questions we ask:     How did the company’s culture and products impact you early on?  How have you seen Microsoft’s prioritization toward cybersecurity create change?  Resources: View Charlie Bell on LinkedIn View Stephanie Calabrese on LinkedIn View John Lambert on LinkedIn View Scott Woodgate on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security InsiderThe Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by ransomware experts Allan Liska from Recorded Future and Jonathan Braley, Director of Threat Intelligence for IT-ISAC, to get a pulse check on the current state of ransomware.  They discuss how ransomware has shifted from simple attacks, like Locky, to more sophisticated, high-stakes campaigns targeting entire networks and demanding millions of dollars. Allan and Jonathan also highlight the rise of ransomware-as-a-service, the emergence of big game hunting attacks, and the increasingly professionalized criminal ecosystem surrounding ransomware. The conversation further explores the psychological aspects of cybercrime, focusing on the mindset of ransomware operators—particularly in Eastern Europe and Russia—where the line between crime and business can often be blurred. In this episode you’ll learn:       Why attackers now target entire networks instead of just single machines  How cybercriminal groups turned ransomware into a profitable business model  The unique challenges healthcare employees face during ransomware attacks  Findings from IT-ISAC's recent ransomware reports   Some questions we ask:        How did the Colonial Pipeline attack lead to real-world actions?  Will paying the ransom restore the organization's data and operations?  What are the differences between ransomware from 10-12 years ago and ransomware today?   Resources:   View Allan Liska on LinkedIn   View Jonathan Braley on LinkedIn   View Sherrod DeGrippo on LinkedIn     IT-ISAC Ransomware report  Food and AG-ISAC Ransomware report  Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Kajhon Soyini, a Senior Microsoft Security Researcher at Defender Experts, discusses the Luma Stealer cryptocurrency mining campaign. He uncovers the intricate attack chain involving DLLs and clipboard malware that impacted nearly one million devices globally. Kajhon explains how attackers leverage techniques like registry modifications and obfuscation to evade detection. They also touch on the overlap between Luma Stealer and other malware families and Microsoft's efforts to combat these evolving threats.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two Microsoft security researchers to analyze the latest Russian nation-sponsored cyber threat activity. They discuss how Russian threat actors—collectively referred to by Microsoft with the Blizzard suffix—are primarily targeting Ukraine and NATO member states, focusing on espionage, influence operations, and cyber disruption. The conversation covers Russia’s reliance on cybercrime infrastructure, the vulnerabilities of academic and IT supply chains, and the evolving tactics of groups like Secret Blizzard and Seashell Blizzard.   In this episode you’ll learn:       Why 90% of Russian cyber-attacks target Ukraine and NATO member states  How Russian threat actors exploit academic identities to infiltrate government networks  The role of cybercriminal marketplaces in supplying tools and access to nation-state actors   Some questions we ask:        How does Secret Blizzard leverage infrastructure from other threat groups?  Is there evidence of collaboration between different Russian cyber groups?  Why is identity security such a critical factor in cyber defense?    Resources:   Attending RSAC? Connect with Sherrod and Microsoft  View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two expert guests to explore critical challenges in today’s evolving threat landscape. First, Sherrod sits down with Kelly Bissell, CVP of Fraud at Microsoft, to discuss the complexities of combating fraud and product abuse. Kelly digs into the unique challenges Microsoft faces, highlighting prevalent schemes such as crypto mining, tech support scams, and the exploitation of deepfakes. Kelly also shares insights into Microsoft’s proactive approach, including recent Azure policy changes and efforts to detect and prevent fraud across its services, especially those attempting to use the compute power for crypto mining. Later, Sherrod is joined by Priyanka Ramesha, Senior Threat Researcher on the Defender Experts team, to examine the rising risks of cloud-native attacks. They unpack why threat actors are increasingly targeting the cloud, exploiting its complexity, scalability, and common misconfigurations. Priyanka explains how attackers gain initial access through tactics like phishing, API exploitation, and OAuth abuse, and outlines their methods for credential theft, lateral movement, and data exfiltration. In this episode you’ll learn:       What crypto mining looks like in Azure and how Microsoft detects and prevents it  The five main areas of fraud and product abuse that Microsoft focuses on  How attackers exploit the complexity and misconfigurations in cloud infrastructures   Some questions we ask:        How long do crypto mining operations run unnoticed in a customer's environment?  What changes did Microsoft make to its policy regarding crypto mining?  Why are legitimate apps sometimes compromised and used in attacks?   Resources:  View Kelly Bissell on LinkedIn   View Priyanka Ramesha on LinkedIn  View Sherrod DeGrippo on LinkedIn   Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.