Microsoft Threat Intelligence Podcast

Chloe Mesdaghi, AI governance and cybersecurity risk lead focused on oversight and resilience. Crane Hassold, security researcher tracking how adversaries adopt tech. They cut through hype to show where AI actually helps: detection, triage, automated recon, and workflows. They flag real risks like prompt injection, agent manipulation, and AI systems becoming targets. Practical, practitioner-focused conversation.

Join threat experts Jonathan Checchi and Anna Seitz as they delve into the dangerous world of cloud-native ransomware. Jonathan explores how Storm-0501 has evolved its tactics, leveraging hybrid cloud environments to maximize impact. Meanwhile, Anna reveals the insidious SesameOp backdoor, which abuses trusted AI platforms for covert command-and-control operations. The conversation highlights the importance of monitoring identity behavior and implementing robust defenses like MFA to combat these sophisticated threats.

Jeff McDonald, a Microsoft security research lead specializing in ML model protections, and Jonathan Barr Orr, a hacker and vulnerability researcher, discuss Whisper Leak. They explain how token-by-token streaming and packet size/timing patterns can reveal topics in encrypted AI traffic. The conversation covers which models show signals, real-world adversaries, and developer mitigation approaches.

Matt Duncan, Vice President of Security Operations and Intelligence at E-ISAC, dives into the critical world of power grid security. He discusses how AI is evolving the threat landscape, making it easier for attackers to target outdated systems. Severe weather events increase cyber vigilance, while harrowing insights into hacktivists reveal unique motivations and tactics. Matt emphasizes the importance of industry collaboration and real-life success stories to fortify defenses. Learn why foundational security practices are essential for keeping our electricity safe and resilient.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm 2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster Backdoor and Recita ransomware.   Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification.  In this episode you’ll learn:       How Payroll Pirates diverted university salaries through SaaS HR phishing schemes  Why universities are prime targets for identity-based cyberattacks  How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks  Some questions we ask:      How are attackers stealing credentials and paychecks?  Why do attackers create inbox rules after compromising accounts?  What alerts should organizations monitor for these types of attacks?  Resources:   View Tori Murphy on LinkedIn   View Anna Seitz on LinkedIn  View Sherrod DeGrippo on LinkedIn   Investigating targeted “payroll pirate” attacks affecting US universities  Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity.   In this episode you’ll learn:       How to evaluate whether a vendor is truly using AI in their product  The psychology behind why people fall for phishing attacks  Why human judgment will remain essential in the era of AI-driven security.  Some questions we ask:      How can AI unlock new capabilities in cybersecurity?  What questions should people ask AI security vendors?  Why do trained security professionals still fall for phishing attacks?  Resources:   View Zack Korman on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

Crane Hassold, a Principal Security Researcher at Microsoft, and Chloé Messdaghi, Senior Reporting Manager leading the Microsoft Digital Defense Report, dive into the evolving landscape of cybersecurity threats. They discuss how AI is shaping both attacker strategies and defensive measures, highlighting that over 99% of attacks begin with identity compromise. The duo explains the fusion of nation-state operations and cybercrime, as well as the risks posed by AI-enhanced phishing and the significance of emerging threat intelligence from expansive telemetry.

Chuong Dong, a security engineer and malware expert at Microsoft, dives deep into the threat landscape of ransomware and modular malware. He discusses PipeMagic, a sophisticated backdoor masquerading as a harmless desktop app, and its detection challenges. The conversation shifts to Medusa ransomware and its transition to a ransomware-as-a-service model using double extortion tactics. Dong highlights the abuse of legitimate tools in these attacks and the crucial role of leak sites in ransomware operations. Tune in for vital insights into modern cybersecurity threats!

In this engaging discussion, Kelly Bissell, Corporate Vice President at Microsoft with over 30 years in cybersecurity, dives into the evolving landscape of domain impersonation and typosquatting, especially as AI ramps up deception tactics. He illustrates how attackers are leveraging bots and AI for tailored fraud, why Microsoft’s Siamese neural network is a game-changer for real-time detection, and how defenders like Microsoft may finally hold the upper hand. Kelly also shares insights on common warning signs of fraud and how organizations can effectively utilize these protective measures.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.  They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting. In this episode you’ll learn:      How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software The role of trust, urgency, and habit in social engineering tactics Practical steps organizations can take to block these threats and strengthen defenses Some questions we ask:     Why are initial access loaders such a big risk for organizations? How are threat actors using fake IT help desk calls to gain access? What steps should defenders take to cut off these entry points? Resources:  View Anna Seitz on LinkedIn View Kelsey Clapp on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.