Microsoft Threat Intelligence Podcast

• Click, Call, Compromise: Inside the Latest Loader Campaigns

  In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.  They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting. In this episode you’ll learn:      How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software The role of trust, urgency, and habit in social engineering tactics Practical steps organizations can take to block these threats and strengthen defenses Some questions we ask:     Why are initial access loaders such a big risk for organizations? How are threat actors using fake IT help desk calls to gain access? What steps should defenders take to cut off these entry points? Resources:  View Anna Seitz on LinkedIn View Kelsey Clapp on LinkedIn  View Sherrod DeGrippo on LinkedIn  Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  28:58

  --------

  28:58
• Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI

  In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is live from Black Hat 2025 with a special lineup of Microsoft security leaders and researchers. First, Sherrod sits down with Tom Gallagher, VP of Engineering and head of the Microsoft Security Response Center (MSRC). Tom shares how his team works with researchers worldwide, why responsible disclosure matters, and how programs like Zero Day Quest (ZDQ) are shaping the future of vulnerability research in cloud and AI security. He also announced the next iteration of ZTQ with $5 million up for grabs. Next, Sherrod is joined by Eric Baller (Senior Security Researcher) and Eric Olson (Principal Security Researcher) to unpack the fast-changing ransomware landscape. From dwell time collapsing from weeks to minutes, to the growing role of access brokers, they explore how attackers operate as organized ecosystems and how defenders can respond. Finally, Sherrod welcomes Travis Schack (Principal Security Researcher) alongside Eric Olson to examine the mechanics of social engineering. They discuss how attackers exploit urgency, trust, and human curiosity, why AI is supercharging phishing campaigns, and how defenders can fight back with both training and technology. In this episode you’ll learn:     How MSRC partners with researchers across 59 countries to protect customers Why Zero Day Quest is accelerating vulnerability discovery in cloud and AI How ransomware dwell times have shrunk from days to under an hour Resources: View Sherrod DeGrippo on LinkedIn  Zero Day Quest — Microsoft Microsoft Security Response Center Blog Related Microsoft Podcasts:   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  43:56

  --------

  43:56
• How Microsoft Stays Ahead of the World’s Most Dangerous Hackers

  In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Aarti Borkar, Simeon Kakpovi, and Andrew Rapp for a behind-the-scenes look at how Microsoft Threat Intelligence and Microsoft Incident Response teams collaborate as part of a closed-loop system, the emotional toll of breaches, and how organizations of any size can build resilience through preparation and psychological safety. By listening to this segment, you’ll get a preview of what this group brought to the main stage of Black Hat this year.  Later, Sherrod chats with Snow, co-founder of the Social Engineering Community Village at DEF CON, about her journey from special effects makeup to elite social engineer, and how empathy, creativity, and even a ladder can be powerful tools in physical security testing.  In this episode you’ll learn:       How Microsoft’s Digital Crimes Unit uses legal tactics to disrupt threat actors  Why rehearsing your incident response plan can save weeks of recovery time  How AI is being trained to make social engineering phone calls on its own  Some questions we ask:      How would you describe the overall health of the global cybersecurity landscape?  Why does tailoring AI prompts sometimes feel like social engineering?  What is the feedback loop between incident response, intelligence, and product protections?    Resources:   View Aarti Borkar on LinkedIn  View Simeon Kakpovi on LinkedIn   View Andrew Rapp on LinkedIn    View Sherrod DeGrippo on LinkedIn   Microsoft at Black Hat USA 2025    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  1:17:33

  --------

  1:17:33
• Inside Microsoft’s Global Operation to Disrupt Lumma Stealer’s 2,300-Domain Malware Network

  In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Richard Boscovich and Derek Richardson from Microsoft’s Digital Crimes Unit to unpack the global takedown of Lumma Stealer, one of the world’s largest infostealer malware operations. They discuss how creative legal tools like RICO and centuries-old trespass laws, deep collaboration with global partners, and innovative technical strategies came together to seize 2,300 domains and protect nearly 400,000 victims. The episode explores how the DCU is shifting toward persistent, cost-imposing disruption of cybercrime as a service, and what this means for defenders everywhere.    In this episode you’ll learn:       How Microsoft took down one of the world’s largest infostealer malware operations  The global partnerships with Europol, Japan, and private companies in cyber takedowns  What happens to stolen victim data during a takedown operation    Some questions we ask:      How did you first identify Lumma as a high-priority threat?  Is persistent disruption now the new normal for DCU operations?  Do you see more operations like this coming from DCU in the future?    Resources:   View Richard Boscovich on LinkedIn   View Sherrod DeGrippo on LinkedIn   Disrupting Lumma Stealer: Microsoft Leads Global Action Against Favored Cybercrime Tool    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  45:19

  --------

  45:19
• Tips from Grifter and Lintile for Attending Hacker Summer Camp

  In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas.  Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team.  In this episode you’ll learn:       Why skipping talks at DEF CON to join contests and villages can be more valuable  Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions  The importance of connection and niche technical discussions in the hacker community    Some questions we ask:      What advice would you give to someone who has never been to DEF CON?  How does the team plan traps and misdirection in Hacker Jeopardy questions?  What do you think the community should focus on getting out of DEF CON?  Resources:   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

  --------  

  1:33:18

  --------

  1:33:18

More Business podcasts

Trending Business podcasts

About Microsoft Threat Intelligence Podcast

Microsoft Threat Intelligence Podcast: Podcasts in Family