The Microsoft Threat Intelligence Podcast

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

Recent Episodes

Ep 70 | 6.3.26

Supply Chain Attacks: Open Source or Open Door?

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.

Ep 69 | 5.20.26

Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.

Ep 68 | 5.6.26

Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft

This week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs, who breaks down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking, continue to evolve.

Ep 67 | 4.22.26

The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Maurice Mason and Jackie Burns-Koven to explore how cybercrime has shifted into a highly organized, marketplace-driven ecosystem. They break down the growing convergence between criminal networks and nation-state actors, highlighting how shared tools, infrastructure, and cryptocurrency have blurred traditional boundaries. The conversation dives into the rise of as-a-service cybercrime models, where access, malware, and infrastructure can be easily bought and sold, lowering barriers to entry and increasing attack volume. They also examine how blockchain intelligence is becoming a critical tool for tracking illicit activity, improving attribution, and disrupting operations.

Ep 66 | 4.8.26

Ransomware: From Isolated Attacks to Global Criminal Ecosystem

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Cynthia Kaiser to unpack the progression of ransomware from isolated attacks into a sophisticated global criminal ecosystem. Drawing on her two decades at the FBI and current role at Halcyon, Cynthia explains how cybercrime has scaled through organized networks, improved tactics, and increasing speed, with some attacks now unfolding in under an hour. The conversation explores how law enforcement strategies have shifted from targeting low-level actors to disrupting entire ecosystems, leading to more impactful takedowns. Cynthia also highlights the real-world consequences of ransomware, including its growing impact on critical infrastructure like hospitals and the potential for loss of life. The episode examines how AI is shaping both attacker and defender capabilities, accelerating phishing and access while also enabling stronger defensive responses.

Host(s)
Sherrod DeGrippo
Sherrod DeGrippo, Deputy CISO, GM Customer Security at Microsoft, is a frequently cited threat intelligence expert with a 19-year career leading global threat research and analyst teams. She was named Cybersecurity Woman of the Year in 2022 and Cybersecurity PR Spokesperson of the Year for 2021. Sherrod has provided expert commentary for BBC News, Wall Street Journal, CNN, and New York Times and has presented extensively at conferences including Black Hat, RSA Conference, RMISC, SleuthCon, and others.
Schedule: Bi-Weekly
Credits: Producer is Rob Petrillo, Production Manager is Max Solomon, Scheduling and Administrative Support is Elliot Volkman, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft