In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Tori Murphy, Anna Seitz, and Chuong Dong to break down two threats: the modular backdoor PipeMagic and Medusa ransomware. They discuss how PipeMagic disguises itself as a ChatGPT desktop app to deliver malware, its sophisticated modular design, and what defenders can do to detect it.  

The team also explores Medusa’s evolution into a ransomware-as-a-service model, its use of double extortion tactics, and the broader threat landscape shaped by ransomware groups, social engineering, and the abuse of legitimate tools.  

In this episode you’ll learn:      

Why modular malware is harder to detect and defend against 

How attackers abuse vulnerable drivers to disable security tools 

Why leak sites play a central role in ransomware operations 

Some questions we ask:     

How did Microsoft researchers uncover PipeMagic in the wild? 

Why do ransomware groups often borrow names and themes from mythology? 

What initial access techniques are commonly associated with Medusa attacks? 

Resources:  

View Anna Seitz on LinkedIn 

View Chuong Dong on LinkedIn   

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

Afternoon Cyber Tea with Ann Johnson 

The BlueHat Podcast 

Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.