Microsoft Threat Intelligence Podcast

• Star Blizzard Shifts Tactics to Spear-Phishing on Whatsapp

  In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard.  Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions.  In this episode you’ll learn:      Why threat actors like Star Blizzard are highly resilient and quickly adapting What steps users take to avoid falling victim to mobile malware Challenges of monitoring WhatsApp activity and why this platform has become a target Some questions we ask:       What role do QR codes play in Star Blizzard’s phishing campaigns? Why do you think phishing continues to be the number one access vector? How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions? Resources:  View Sarah Pfabe on LinkedIn  View Anna Seitz on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  38:41
• Microsoft’s 50th Anniversary: Security Then and Now

  In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft’s incredible journey in cybersecurity.  They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft’s approach to tackling cybersecurity challenges.  In this episode you’ll learn:      How Microsoft evolved to lead the charge in cloud computing and AI Why Microsoft's security efforts have influenced the broader tech industry The evolution of Microsoft’s security, from XP Service Pack 2 to the Secure Future Initiative Some questions we ask:     How did the company’s culture and products impact you early on?  How have you seen Microsoft’s prioritization toward cybersecurity create change?  Resources:  View Charlie Bell on LinkedIn  View Stephanie Calabrese on LinkedIn  View John Lambert on LinkedIn  View Scott Woodgate on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  55:19
• The Professionalization of the Ransomware Criminal Ecosystem

  In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by ransomware experts Allan Liska from Recorded Future and Jonathan Braley, Director of Threat Intelligence for IT-ISAC, to get a pulse check on the current state of ransomware.   They discuss how ransomware has shifted from simple attacks, like Locky, to more sophisticated, high-stakes campaigns targeting entire networks and demanding millions of dollars. Allan and Jonathan also highlight the rise of ransomware-as-a-service, the emergence of big game hunting attacks, and the increasingly professionalized criminal ecosystem surrounding ransomware. The conversation further explores the psychological aspects of cybercrime, focusing on the mindset of ransomware operators—particularly in Eastern Europe and Russia—where the line between crime and business can often be blurred.  In this episode you’ll learn:       Why attackers now target entire networks instead of just single machines  How cybercriminal groups turned ransomware into a profitable business model  The unique challenges healthcare employees face during ransomware attacks  Findings from IT-ISAC's recent ransomware reports    Some questions we ask:        How did the Colonial Pipeline attack lead to real-world actions?  Will paying the ransom restore the organization's data and operations?  What are the differences between ransomware from 10-12 years ago and ransomware today?    Resources:   View Allan Liska on LinkedIn   View Jonathan Braley on LinkedIn   View Sherrod DeGrippo on LinkedIn     IT-ISAC Ransomware report  Food and AG-ISAC Ransomware report  Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  40:37
• Malvertising Campaign Leads to Info Stealers Hosted on Github

  In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.   Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.  In this episode you’ll learn:       Why the attack chain incorporates legacy malware like NetSupport RAT  The overlap between the Luma Stealer and Donarium malware families  How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads    Some questions we ask:         Can you explain how the malware uses the “image file execution objects” registry path?  What role does Netcat play in this campaign’s command and control?  Why do people still mine cryptocurrency today, with all the complexities and attack methods?    Resources:   View Kajhon Soyini on LinkedIn   View Sherrod DeGrippo on LinkedIn   Connect with Sherrod and the team at RSAC    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  35:02
• A Blizzard Is Impacting NATO and Ukraine – The Latest on Russian Cyber Threats

  In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two Microsoft security researchers to analyze the latest Russian nation-sponsored cyber threat activity. They discuss how Russian threat actors—collectively referred to by Microsoft with the Blizzard suffix—are primarily targeting Ukraine and NATO member states, focusing on espionage, influence operations, and cyber disruption. The conversation covers Russia’s reliance on cybercrime infrastructure, the vulnerabilities of academic and IT supply chains, and the evolving tactics of groups like Secret Blizzard and Seashell Blizzard.     In this episode you’ll learn:       Why 90% of Russian cyber-attacks target Ukraine and NATO member states  How Russian threat actors exploit academic identities to infiltrate government networks  The role of cybercriminal marketplaces in supplying tools and access to nation-state actors    Some questions we ask:         How does Secret Blizzard leverage infrastructure from other threat groups?  Is there evidence of collaboration between different Russian cyber groups?  Why is identity security such a critical factor in cyber defense?      Resources:   Attending RSAC? Connect with Sherrod and Microsoft  View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  23:13

More Technology podcasts

Trending Technology podcasts

About Microsoft Threat Intelligence Podcast

Microsoft Threat Intelligence Podcast: Podcasts in Family