Threat Landscape Update: Ransomware-as-a-Service and Advanced Modular Malware
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Tori Murphy, Anna Seitz, and Chuong Dong to break down two threats: the modular backdoor PipeMagic and Medusa ransomware. They discuss how PipeMagic disguises itself as a ChatGPT desktop app to deliver malware, its sophisticated modular design, and what defenders can do to detect it.
The team also explores Medusa’s evolution into a ransomware-as-a-service model, its use of double extortion tactics, and the broader threat landscape shaped by ransomware groups, social engineering, and the abuse of legitimate tools.
In this episode you’ll learn:
Why modular malware is harder to detect and defend against
How attackers abuse vulnerable drivers to disable security tools
Why leak sites play a central role in ransomware operations
Some questions we ask:
How did Microsoft researchers uncover PipeMagic in the wild?
Why do ransomware groups often borrow names and themes from mythology?
What initial access techniques are commonly associated with Medusa attacks?
Resources:
View Anna Seitz on LinkedIn
View Chuong Dong on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
--------
30:31
Stopping Domain Impersonation with AI
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Kelly Bissell, Corporate Vice President at Microsoft, to explore how domain impersonation and typosquatting are changing in the age of AI.
They discuss how attackers are increasingly using AI and bots to scale online deception, why this tactic is so effective, and how Microsoft is countering with cutting-edge defenses like Siamese neural networks to detect fraudulent domains in real time. Kelly shares insights on the massive scale of these threats, the shift toward defender advantage, and the broader implications for securing organizations worldwide.
In this episode you’ll learn:
How attackers use AI and bots to scale domain impersonation and typosquatting
Why defenders may finally have the higher ground in the fight against online fraud
How Microsoft’s Siamese neural network model detects fraudulent domains in real time
Some questions we ask:
What excites you most about this new detection approach?
How do fake domains fit into a larger social engineering chain?
What indicators should defenders watch for in typosquatting domains?
Resources:
View Kelly Bissell on LinkedIn
View Sherrod DeGrippo on LinkedIn
--------
26:00
Click, Call, Compromise: Inside the Latest Loader Campaigns
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.
They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting.
In this episode you’ll learn:
How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software
The role of trust, urgency, and habit in social engineering tactics
Practical steps organizations can take to block these threats and strengthen defenses
Some questions we ask:
Why are initial access loaders such a big risk for organizations?
How are threat actors using fake IT help desk calls to gain access?
What steps should defenders take to cut off these entry points?
Resources:
View Anna Seitz on LinkedIn
View Kelsey Clapp on LinkedIn
View Sherrod DeGrippo on LinkedIn
--------
28:58
Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is live from Black Hat 2025 with a special lineup of Microsoft security leaders and researchers.
First, Sherrod sits down with Tom Gallagher, VP of Engineering and head of the Microsoft Security Response Center (MSRC). Tom shares how his team works with researchers worldwide, why responsible disclosure matters, and how programs like Zero Day Quest (ZDQ) are shaping the future of vulnerability research in cloud and AI security. He also announced the next iteration of ZDQ with $5 million up for grabs.
Next, Sherrod is joined by Eric Baller (Senior Security Researcher) and Eric Olson (Principal Security Researcher) to unpack the fast-changing ransomware landscape. From dwell time collapsing from weeks to minutes, to the growing role of access brokers, they explore how attackers operate as organized ecosystems and how defenders can respond.
Finally, Sherrod welcomes Travis Schack (Principal Security Researcher) alongside Eric Olson to examine the mechanics of social engineering. They discuss how attackers exploit urgency, trust, and human curiosity, why AI is supercharging phishing campaigns, and how defenders can fight back with both training and technology.
In this episode you’ll learn:
How MSRC partners with researchers across 59 countries to protect customers
Why Zero Day Quest is accelerating vulnerability discovery in cloud and AI
How ransomware dwell times have shrunk from days to under an hour
Resources:
View Sherrod DeGrippo on LinkedIn
Zero Day Quest — Microsoft
Microsoft Security Response Center Blog
--------
43:56
How Microsoft Stays Ahead of the World’s Most Dangerous Hackers
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Aarti Borkar, Simeon Kakpovi, and Andrew Rapp for a behind-the-scenes look at how Microsoft Threat Intelligence and Microsoft Incident Response teams collaborate as part of a closed-loop system, the emotional toll of breaches, and how organizations of any size can build resilience through preparation and psychological safety. By listening to this segment, you’ll get a preview of what this group brought to the main stage of Black Hat this year.
Later, Sherrod chats with Snow, co-founder of the Social Engineering Community Village at DEF CON, about her journey from special effects makeup to elite social engineer, and how empathy, creativity, and even a ladder can be powerful tools in physical security testing.
In this episode you’ll learn:
How Microsoft’s Digital Crimes Unit uses legal tactics to disrupt threat actors
Why rehearsing your incident response plan can save weeks of recovery time
How AI is being trained to make social engineering phone calls on its own
Some questions we ask:
How would you describe the overall health of the global cybersecurity landscape?
Why does tailoring AI prompts sometimes feel like social engineering?
What is the feedback loop between incident response, intelligence, and product protections?
Resources:
View Aarti Borkar on LinkedIn
View Simeon Kakpovi on LinkedIn
View Andrew Rapp on LinkedIn
View Sherrod DeGrippo on LinkedIn
Microsoft at Black Hat USA 2025
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind-the-scenes stories from the tireless researchers and analysts who take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.