
Open SesameOp: Abusing trusted AI platforms to host a C2 server
From Microsoft Threat Intelligence Podcast by Microsoft
January 14, 2026 · 36 min · Season 3 · Episode 60
About this episode
The episode discusses the abuse of trusted AI platforms for command-and-control by threat actors and the evolving tactics of ransomware groups.
To kick off Season 3 of Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Jonathan Checchi. Our guests examine two developments shaping today’s threat landscape: the cloud-native evolution of ransomware group Storm-0501 and the SesameOp backdoor’s abuse of trusted AI platforms for stealthy command-and-control. The discussion highlights how identity, hybrid-cloud pivot points, and federated authentication enable high-impact attacks without traditional malware, and why policy-compliant platform abuse is becoming harder to detect. Sherrod, Anna, and Jonathan provide guidance for defenders around enforcing MFA, tightening conditional access and identity controls, monitoring across cloud and on-prem environments, and partnering with platform providers to disrupt emerging attacker tradecraft. In this episode you’ll learn: What happens when threat actors gain control of highly privileged identities Why monitoring identity behavior is as critical as monitoring endpoints How attacker tactics are adapting to environments that blend cloud and on-prem systems Some questions we ask: What does recent threat activity tell…
People in this episode
Host: Sherrod DeGrippo
Guests: Anna Seitz, Jonathan Checchi
Topics covered
- cloud-native ransomware
- AI platform abuse
- command-and-control
- identity monitoring
- federated authentication
- high-impact attacks
Keywords
- ransomware
- cloud security
- identity management
- AI integration
- MFA
- conditional access
- threat landscape
Mentioned in this episode
Organizations: Microsoft, Storm-0501, SesameOp
More episodes of Microsoft Threat Intelligence Podcast
- Supply Chain Attacks: Open Source or Open Door? · June 3, 2026 · 39 min
- Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign · May 20, 2026 · 42 min
- Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft · May 6, 2026 · 52 min
- The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem · April 22, 2026 · 40 min
- Ransomware: From Isolated Attacks to Global Criminal Ecosystem · April 8, 2026 · 48 min
- Winter SHIELD: Closing the Security Control Gap · March 25, 2026 · 37 min
Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.