In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required.
This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke!
Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.
In this episode you’ll learn:
What Kauzar V2 malware is and how it enables long-term remote access and data theft
How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating
Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics
Some questions we ask:
Are Russian threat actors adopting cybercriminal tactics like initial access brokers?
How does Kauzar V2 malware function, and why is it significant in this campaign?
What is ClickFix, and how does it differ from typical malware delivery methods?
Resources:
View Henning Rauch on LinkedIn
View Rebecca Light on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn
🕵️♀️ Register for the challenge (free!) https://detective.kusto.io/register
🎬 Official trailer featuring Lior Suchard https://youtu.be/sPmTX0ZrnE
🌐 Event homepage (info hub) https://detective.kusto.io
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
31:50
BadPilot: Inside Seashell Blizzard’s (AKA Sandworm) Global Cyber Espionage Campaign
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Megan Stalling to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm.
The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats.
In this episode you’ll learn:
How evolving network detection is helping stop threat actors
Why Seashell Blizzard targets industrial control systems
When fake Zoom links and meeting invites are used to lure victims into engagement
Some questions we ask:
Have North Korean hackers improved at social engineering lately?
What’s this subgroup’s main goal when it comes to network attacks?
Why would a group like this use such basic tactics instead of more advanced ones?
Resources:
View Megan Stalling on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn
BadPilot Campaign, Seashell Blizzard
How Microsoft Names Threat Actors
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
40:45
Inside THOR Collective, a Dispersed Team Delivering Open-Source Research
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Lauren Proehl, Sydney Marrone, and Jamie Williams to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel.
The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels.
In this episode you’ll learn:
The value of consistently publishing high-quality content
How the THOR Collective addresses this issue through innovative and digestible content
The importance of making complex InfoSec topics approachable for different experience levels
Some questions we ask:
What’s going on with the rise in toll scam text messages?
Why has social engineering remained such a successful tactic for threat actors?
How does THOR Collective welcome new voices in InfoSec, and why is this crucial in today’s security landscape?
Resources:
View Lauren Proehl on LinkedIn
View Sydney Marrone on LinkedIn
View Jamie Williams on LinkedIn
View Sherrod DeGrippo on LinkedIn
THOR Collective
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
41:17
Star Blizzard Shifts Tactics to Spear-Phishing on Whatsapp
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard.
Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions.
In this episode you’ll learn:
Why threat actors like Star Blizzard are highly resilient and quickly adapting
What steps users take to avoid falling victim to mobile malware
Challenges of monitoring WhatsApp activity and why this platform has become a target
Some questions we ask:
What role do QR codes play in Star Blizzard’s phishing campaigns?
Why do you think phishing continues to be the number one access vector?
How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions?
Resources:
View Sarah Pfabe on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
38:41
Microsoft’s 50th Anniversary: Security Then and Now
In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft’s incredible journey in cybersecurity.
They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft’s approach to tackling cybersecurity challenges.
In this episode you’ll learn:
How Microsoft evolved to lead the charge in cloud computing and AI
Why Microsoft's security efforts have influenced the broader tech industry
The evolution of Microsoft’s security, from XP Service Pack 2 to the Secure Future Initiative
Some questions we ask:
How did the company’s culture and products impact you early on?
How have you seen Microsoft’s prioritization toward cybersecurity create change?
Resources:
View Charlie Bell on LinkedIn
View Stephanie Calabrese on LinkedIn
View John Lambert on LinkedIn
View Scott Woodgate on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
UK