The Microsoft Threat Intelligence Podcast

A Peek Inside Microsoft’s Global Fight Against Cyber Threats

Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by⁠ ⁠⁠Sherrod DeGrippo,⁠ brings together ⁠Jeremy Dallman⁠ from the Microsoft Threat Intelligence and ⁠Steven Masada⁠ from Microsoft’s Digital Crimes Unit. The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook.

Call of the Cyber Duty (A Global Cyber Challenge)

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo⁠ is joined by ⁠Henning Rauch⁠, to discuss ⁠Call of the Cyber Duty⁠ is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required.   This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke! Later in the episode, Sherrod is joined by security researchers ⁠Anna Seitz⁠ and ⁠Rebecca Light⁠ to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.

BadPilot: Inside Seashell Blizzard’s (AKA Sandworm) Global Cyber Espionage Campaign

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo⁠ is joined by security researchers ⁠Anna Seitz⁠ and ⁠Megan Stalling⁠ to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm. The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats.

Inside THOR Collective, a Dispersed Team Delivering Open-Source Research

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo⁠ is joined by ⁠Lauren Proehl⁠, ⁠Sydney Marrone⁠, and ⁠Jamie Williams⁠ to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel. The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels.

Star Blizzard Shifts Tactics to Spear-Phishing on Whatsapp

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard. Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions.