Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit.  

The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook. 

In this episode you’ll learn:      

How targeting attacker techniques is more effective than chasing specific actors 

The surprising ways threat actors use AI—for productivity, not just deepfakes 

Why North Korean threat actors are building full-blown video games to drop malware 

Some questions we ask:     

What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry? 

Why should cybersecurity professionals read legal indictments? 

What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot? 

Resources:  

View Jeremy Dallman on LinkedIn  

View Steven Masada on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Bold action against fraud: Disrupting Storm-1152 

Related Microsoft Podcasts:                   

Afternoon Cyber Tea with Ann Johnson 

The BlueHat Podcast 

Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required.  

This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke!  

Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.  

In this episode you’ll learn:      

What Kauzar V2 malware is and how it enables long-term remote access and data theft 

How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating 

Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics 

Some questions we ask:     

Are Russian threat actors adopting cybercriminal tactics like initial access brokers? 

How does Kauzar V2 malware function, and why is it significant in this campaign? 

What is ClickFix, and how does it differ from typical malware delivery methods? 

Resources:  

View Henning Rauch on LinkedIn  

View Rebecca Light on LinkedIn  

View Anna Seitz on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

🕵️‍♀️ Register for the challenge (free!) 
https://detective.kusto.io/register 

🎬 Official trailer featuring Lior Suchard 
https://youtu.be/sPmTX0ZrnE 

🌐 Event homepage (info hub) 
https://detective.kusto.io 

Related Microsoft Podcasts:                   

Afternoon Cyber Tea with Ann Johnson 

The BlueHat Podcast 

Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Megan Stalling to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm.  

The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats. 

In this episode you’ll learn:      

How evolving network detection is helping stop threat actors 

Why Seashell Blizzard targets industrial control systems 

When fake Zoom links and meeting invites are used to lure victims into engagement 

Some questions we ask:     

Have North Korean hackers improved at social engineering lately? 

What’s this subgroup’s main goal when it comes to network attacks? 

Why would a group like this use such basic tactics instead of more advanced ones? 

Resources:  

View Megan Stalling on LinkedIn  

View Anna Seitz on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

BadPilot Campaign, Seashell Blizzard  

How Microsoft Names Threat Actors  

Related Microsoft Podcasts:                   

Afternoon Cyber Tea with Ann Johnson 

The BlueHat Podcast 

Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Lauren Proehl, Sydney Marrone, and Jamie Williams to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel. 

The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels.

In this episode you’ll learn:     

Some questions we ask:    

Resources: 

View Lauren Proehl on LinkedIn

View Sydney Marrone on LinkedIn 

View Jamie Williams on LinkedIn 

View Sherrod DeGrippo on LinkedIn 

THOR Collective

Related Microsoft Podcasts:                  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard. 

Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions. 

In this episode you’ll learn:     

Some questions we ask:    

Resources: 

View Sarah Pfabe on LinkedIn 

View Anna Seitz on LinkedIn 

View Sherrod DeGrippo on LinkedIn 

Related Microsoft Podcasts:                  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 

In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft’s incredible journey in cybersecurity. 

They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft’s approach to tackling cybersecurity challenges. 

In this episode you’ll learn:     

Some questions we ask:    

Resources: 

View Charlie Bell on LinkedIn 

View Stephanie Calabrese on LinkedIn 

View John Lambert on LinkedIn 

View Scott Woodgate on LinkedIn 

View Sherrod DeGrippo on LinkedIn 

Related Microsoft Podcasts:                  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by ransomware experts Allan Liska from Recorded Future and Jonathan Braley, Director of Threat Intelligence for IT-ISAC, to get a pulse check on the current state of ransomware.  

They discuss how ransomware has shifted from simple attacks, like Locky, to more sophisticated, high-stakes campaigns targeting entire networks and demanding millions of dollars. Allan and Jonathan also highlight the rise of ransomware-as-a-service, the emergence of big game hunting attacks, and the increasingly professionalized criminal ecosystem surrounding ransomware. The conversation further explores the psychological aspects of cybercrime, focusing on the mindset of ransomware operators—particularly in Eastern Europe and Russia—where the line between crime and business can often be blurred. 

In this episode you’ll learn:      

Some questions we ask:       

Resources:  

Related Microsoft Podcasts:                   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.  

Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks. 

In this episode you’ll learn:      

Some questions we ask:     

Resources:  

View Kajhon Soyini on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Connect with Sherrod and the team at RSAC 

Related Microsoft Podcasts:                   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two Microsoft security researchers to analyze the latest Russian nation-sponsored cyber threat activity. They discuss how Russian threat actors—collectively referred to by Microsoft with the Blizzard suffix—are primarily targeting Ukraine and NATO member states, focusing on espionage, influence operations, and cyber disruption. The conversation covers Russia’s reliance on cybercrime infrastructure, the vulnerabilities of academic and IT supply chains, and the evolving tactics of groups like Secret Blizzard and Seashell Blizzard.  

In this episode you’ll learn:      

Some questions we ask:     

Resources:  

Related Microsoft Podcasts:                   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by two expert guests to explore critical challenges in today’s evolving threat landscape. 

First, Sherrod sits down with Kelly Bissell, CVP of Fraud at Microsoft, to discuss the complexities of combating fraud and product abuse. Kelly digs into the unique challenges Microsoft faces, highlighting prevalent schemes such as crypto mining, tech support scams, and the exploitation of deepfakes. Kelly also shares insights into Microsoft’s proactive approach, including recent Azure policy changes and efforts to detect and prevent fraud across its services, especially those attempting to use the compute power for crypto mining. 

Later, Sherrod is joined by Priyanka Ramesha, Senior Threat Researcher on the Defender Experts team, to examine the rising risks of cloud-native attacks. They unpack why threat actors are increasingly targeting the cloud, exploiting its complexity, scalability, and common misconfigurations. Priyanka explains how attackers gain initial access through tactics like phishing, API exploitation, and OAuth abuse, and outlines their methods for credential theft, lateral movement, and data exfiltration. 

In this episode you’ll learn:      

Some questions we ask:     

Resources:  

View Kelly Bissell on LinkedIn   

View Priyanka Ramesha on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.