Protecting the Core: Securing Protection Relays in Modern Substations
Host Luke McNamara is joined by members of Mandiant Consulting's Operational Technology team (Chris Sistrunk, Seemant Bisht, and Anthony Candarini) to discuss their latest blog on securing assets in the energy grid.https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations
--------
43:05
--------
43:05
The Rise of ClickFix
Dima Lenz (Security Engineer, Google Threat Intelligence Group) joins host Luke McNamara to discuss how threat actors have been using ClickFix to socially engineer users. Dima recounts the growth of this technique in 2024, some of the campaigns and actors that have leveraged it, and where it may be headed next.
--------
23:33
--------
23:33
Vishing in the Wild
Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations--both organically and using AI-powered voice cloning to mimic specific employees--during red team engagements. https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing-threats?e=48754805https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks?e=48754805.
--------
37:48
--------
37:48
Responding to a DPRK ITW Incident
JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR investigation, and ultimately what was discovered. For more on the DPRK IT workers and trends in incident response, check out Mandiant's 2025 M-Trends report. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025
--------
16:35
--------
16:35
UNC5221 and The Targeting of Ivanti Connect Secure VPNs
Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerabilityhttps://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-dayhttps://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-securityhttps://www.ivanti.com/resources/secure-by-design/2024https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends?e=48754805
Learn about the latest threat and cybersecurity trends on The Defender’s Advantage Podcast! Hear from experts in the field as Host Luke McNamara, from Google Threat Intelligence Group, interviews analysts, researchers and other guests on the frontlines of the latest attacks. Episodes dive deep into various topics, including nation-state activity, cybercrime, malware and tradecraft, incident response, defensive guidance, and more. Don't forget to subscribe!