Microsoft Threat Intelligence Podcast

To kick off Season 3 of Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Jonathan Checchi.   Our guests examine two developments shaping today’s threat landscape: the cloud-native evolution of ransomware group Storm-0501 and the SesameOp backdoor’s abuse of trusted AI platforms for stealthy command-and-control. The discussion highlights how identity, hybrid-cloud pivot points, and federated authentication enable high-impact attacks without traditional malware, and why policy-compliant platform abuse is becoming harder to detect.   Sherrod, Anna, and Jonathan provide guidance for defenders around enforcing MFA, tightening conditional access and identity controls, monitoring across cloud and on-prem environments, and partnering with platform providers to disrupt emerging attacker tradecraft.  In this episode you’ll learn:       What happens when threat actors gain control of highly privileged identities  Why monitoring identity behavior is as critical as monitoring endpoints  How attacker tactics are adapting to environments that blend cloud and on-prem systems   Some questions we ask:      What does recent threat activity tell us about where the landscape is headed?  How is Storm-0501 using federated authentication in their operations?  What should security teams focus on as AI becomes more integrated into systems?  Resources:   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Geoff McDonald and JBO to discuss Whisper Leak, new research showing that encrypted AI traffic can still unintentionally reveal what a user is asking about through patterns in packet size and timing.   They explain how LLM token streaming enables this kind of side-channel attack, why even well-encrypted conversations can be classified for sensitive topics, and what this means for privacy, national-level surveillance risks, and secure product design. The conversation also walks through how the study was conducted, what patterns emerged across different AI models, and the steps developers should take to mitigate these risks.  In this episode you’ll learn:       Why packet sizes and timing patterns reveal more information than most users realize  How user-experience choices like showing streamed text create a larger attack surface  The difference between classic timing attacks and the new risks uncovered in Whisper Leak    Resources:   View JBO on LinkedIn  View Geoff McDonald on LinkedIn    View Sherrod DeGrippo on LinkedIn    Learn more about Whisper Leak     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Matt Duncan, Vice President of Security Operations and Intelligence at the North American Electric Reliability Corporation’s E-ISAC, to explore the cyber threats targeting the North American power grid. Matt breaks down why the grid remains resilient despite increasing pressure from nation-states, cybercriminals, and hacktivists, how AI is lowering the barrier of entry for attackers, and why OT systems and interconnected devices present unique risks.   He also highlights real success stories, the value of large-scale grid exercises, and how strong collaboration and a focus on foundational security practices help defenders keep power flowing safely and reliably.    In this episode you’ll learn:       How severe weather events trigger heightened cyber-readiness across utilities  What motivates hacktivist groups and how their tactics differ from other threat actors  Why outdated equipment and legacy systems remain such attractive targets  Some questions we ask:      Are you seeing more educated and capable OT-focused adversaries now?  How do you work with policymakers to help them understand these threats?  If you could eliminate one misconception about securing the grid, what would it be?    Resources:   View Matt Duncan on LinkedIn   View Sherrod DeGrippo on LinkedIn   Learn more about E-ISAC    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm 2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster Backdoor and Recita ransomware.   Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification.  In this episode you’ll learn:       How Payroll Pirates diverted university salaries through SaaS HR phishing schemes  Why universities are prime targets for identity-based cyberattacks  How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks  Some questions we ask:      How are attackers stealing credentials and paychecks?  Why do attackers create inbox rules after compromising accounts?  What alerts should organizations monitor for these types of attacks?  Resources:   View Tori Murphy on LinkedIn   View Anna Seitz on LinkedIn  View Sherrod DeGrippo on LinkedIn   Investigating targeted “payroll pirate” attacks affecting US universities  Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Zack Korman, CTO of cybersecurity startup Pistachio. They explore the reality of AI in security, cutting through hype to discuss where AI is both brilliant and flawed, how vendors AI-wash outdated tech, and why Zack believes AI won’t replace jobs but instead scale human creativity. They also dive into phishing simulations, human psychology behind social engineering, AI-powered attacks, jailbreak chaining between AI systems, and the future risks and opportunities AI introduces in cybersecurity.   In this episode you’ll learn:       How to evaluate whether a vendor is truly using AI in their product  The psychology behind why people fall for phishing attacks  Why human judgment will remain essential in the era of AI-driven security.  Some questions we ask:      How can AI unlock new capabilities in cybersecurity?  What questions should people ask AI security vendors?  Why do trained security professionals still fall for phishing attacks?  Resources:   View Zack Korman on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.