Microsoft Threat Intelligence Podcast

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025. In this episode you’ll learn: How attackers are targeting open source software ecosystems at scale Why AI is accelerating both cyberattacks and threat detection What was uncovered during their BlueHat presentation on modern software supply chain attacks Some questions we ask: What patterns did you uncover in NPM attack campaigns? Should developers rely on dependencies or build everything themselves? Why should organizations pay closer attention to open source security risks? Resources: View Allie Luhrs on LinkedIn View Mario Samolis on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity. In this episode you’ll learn: How to evaluate whether a vendor is truly using AI in their product The psychology behind why people fall for phishing attacks Why human judgment will remain essential in the era of AI-driven security. Some questions we ask: How can AI unlock new capabilities in cybersecurity? What questions should people ask AI security vendors? Why do trained security professionals still fall for phishing attacks? Resources: View Zack Korman on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Tori Murphy, Anna Seitz, and Chuong Dong to break down two threats: the modular backdoor PipeMagic and Medusa ransomware. They discuss how PipeMagic disguises itself as a ChatGPT desktop app to deliver malware, its sophisticated modular design, and what defenders can do to detect it. The team also explores Medusa’s evolution into a ransomware-as-a-service model, its use of double extortion tactics, and the broader threat landscape shaped by ransomware groups, social engineering, and the abuse of legitimate tools. In this episode you’ll learn: Why modular malware is harder to detect and defend against How attackers abuse vulnerable drivers to disable security tools Why leak sites play a central role in ransomware operations Some questions we ask: How did Microsoft researchers uncover PipeMagic in the wild? Why do ransomware groups often borrow names and themes from mythology? What initial access techniques are commonly associated with Medusa attacks? Resources: View Anna Seitz on LinkedIn View Chuong Dong on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers. They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting. In this episode you’ll learn: How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software The role of trust, urgency, and habit in social engineering tactics Practical steps organizations can take to block these threats and strengthen defenses Some questions we ask: Why are initial access loaders such a big risk for organizations? How are threat actors using fake IT help desk calls to gain access? What steps should defenders take to cut off these entry points? Resources: View Anna Seitz on LinkedIn View Kelsey Clapp on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Aarti Borkar, Simeon Kakpovi, and Andrew Rapp for a behind-the-scenes look at how Microsoft Threat Intelligence and Microsoft Incident Response teams collaborate as part of a closed-loop system, the emotional toll of breaches, and how organizations of any size can build resilience through preparation and psychological safety. By listening to this segment, you’ll get a preview of what this group brought to the main stage of Black Hat this year. Later, Sherrod chats with Snow, co-founder of the Social Engineering Community Village at DEF CON, about her journey from special effects makeup to elite social engineer, and how empathy, creativity, and even a ladder can be powerful tools in physical security testing. In this episode you’ll learn: How Microsoft’s Digital Crimes Unit uses legal tactics to disrupt threat actors Why rehearsing your incident response plan can save weeks of recovery time How AI is being trained to make social engineering phone calls on its own Some questions we ask: How would you describe the overall health of the global cybersecurity landscape? Why does tailoring AI prompts sometimes feel like social engineering? What is the feedback loop between incident response, intelligence, and product protections? Resources: View Aarti Borkar on LinkedIn View Simeon Kakpovi on LinkedIn View Andrew Rapp on LinkedIn View Sherrod DeGrippo on LinkedIn Microsoft at Black Hat USA 2025 Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas. Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team. In this episode you’ll learn: Why skipping talks at DEF CON to join contests and villages can be more valuable Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions The importance of connection and niche technical discussions in the hacker community Some questions we ask: What advice would you give to someone who has never been to DEF CON? How does the team plan traps and misdirection in Hacker Jeopardy questions? What do you think the community should focus on getting out of DEF CON? Resources: View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit. The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook. In this episode you’ll learn: How targeting attacker techniques is more effective than chasing specific actors The surprising ways threat actors use AI—for productivity, not just deepfakes Why North Korean threat actors are building full-blown video games to drop malware Some questions we ask: What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry? Why should cybersecurity professionals read legal indictments? What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot? Resources: View Jeremy Dallman on LinkedIn View Steven Masada on LinkedIn View Sherrod DeGrippo on LinkedIn Bold action against fraud: Disrupting Storm-1152 Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.