Microsoft Threat Intelligence Podcast

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo sits down with Aurora Johnson of SpyCloud and Amitai Cohen of Wiz ahead of SleuthCon to explore two rapidly changing corners of the cybercrime landscape.  

Aurora breaks down the highly organized Chinese-language smishing ecosystem, revealing how phishing operations, fraud networks, and cash-out schemes work together like a mature business.  

Amitai examines the growing threat to software supply chains, explaining how groups like Team PCP are exploiting CI/CD pipelines, open-source dependencies, and AI-assisted malware development.  

Together, they discuss the industrialization of cybercrime, the role of automation and AI, and why defenders must rethink how they secure today's interconnected digital ecosystem.  

In this episode you’ll learn:      


Why cybercrime ecosystems now operate like sophisticated businesses 


How NFC relay attacks are being used to cash out stolen credit card data 


The role Telegram marketplaces play in modern fraud operations 

Some questions we ask:     


How industrialized has modern cybercrime become? 


What clues suggest threat actors are using AI to create malware? 


What are defenders missing about CI/CD pipelines as an attack surface? 

Resources:  

View Aurora Johnson on LinkedIn  

View Amitai Cohen on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


The BlueHat Podcast 


Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.  

In this episode you’ll learn:      


How attackers are targeting open source software ecosystems at scale 


Why AI is accelerating both cyberattacks and threat detection 


What was uncovered during their BlueHat presentation on modern software supply chain attacks 

Some questions we ask:     


What patterns did you uncover in NPM attack campaigns? 


Should developers rely on dependencies or build everything themselves? 


Why should organizations pay closer attention to open source security risks? 

Resources:  

View Allie Luhrs on LinkedIn  

View Mario Samolis on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.  

In this episode you’ll learn:      


How EvilTokens bypasses MFA using device code phishing 


Why AI-powered phishing campaigns are harder to detect 


What makes modern phishing kits highly scalable and automated 

Some questions we ask:     


What role does trusted infrastructure play in these attacks? 


Why are traditional phishing defenses struggling against these tactics? 


How are modern phishing kits becoming more professionalized? 

Resources:  


Watch the LinkedIn live recording 


Read Huntress’ related research 


View Lindsay O’Donnell-Welch on LinkedIn 


View Jamie Levy on LinkedIn 


View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   


Security Insider Conversations 


The BlueHat Podcast 


Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

This week on the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve. 

In this episode you’ll learn:      


How Forest Blizzard exploits home routers to intercept DNS traffic 


Why unmanaged routers are a major blind spot in modern security 


How tactics have evolved from brute force to token-based access 

Some questions we ask:     


What defines Forest Blizzard and how they operate? 


How does this impact machine-to-machine or service account security? 


What are the broader third-party or downstream risks? 

Resources:  


View Danny Adamitis on LinkedIn  


View Sherrod DeGrippo on LinkedIn  


Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military Intelligence Unit 


FrostArmada: All thriller, no (malware) filler 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Maurice Mason and Jackie Burns-Koven to explore how cybercrime has shifted into a highly organized, marketplace-driven ecosystem. They break down the growing convergence between criminal networks and nation-state actors, highlighting how shared tools, infrastructure, and cryptocurrency have blurred traditional boundaries. 

The conversation dives into the rise of as-a-service cybercrime models, where access, malware, and infrastructure can be easily bought and sold, lowering barriers to entry and increasing attack volume. They also examine how blockchain intelligence is becoming a critical tool for tracking illicit activity, improving attribution, and disrupting operations. 

In this episode you’ll learn:      


How cybercrime has evolved into a scalable, marketplace-driven ecosystem 


Why initial access brokers are lowering the barrier to entry for attackers 


How proactive disruption and collaboration can reduce ransomware impact and payments 

Some questions we ask:     


What role does crypto intelligence play in prevention and detection? 


Why are threat actors shifting to alternative cryptocurrencies? 


How can defenders better protect themselves against these threats? 

 

Resources:  

View Maurice Mason on LinkedIn  

View Jackie Burns-Koven on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.