Click, Call, Compromise: Inside the Latest Loader Campaigns

10/09/2025 28 min Season 1 Episode 52

Episode Synopsis

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft researchers Kelsey Clapp and Anna Seitz to examine two major cybercrime campaigns. The team unpacks Storm 2561’s use of SEO poisoning to distribute Trojanized software like SilentRoute and Bumblebee, stealing VPN credentials and paving the way for ransomware brokers.

They also dive into Storm 1811’s ReadBed malware, a loader deployed through bold social engineering tactics, such as fake IT help desk calls via Teams, that enable lateral movement and ransomware deployment. The discussion highlights how modern threat actors exploit trust, extend attack chains, and continually evolve their techniques, underscoring the importance of vigilance, strong security controls, and verifying before trusting.



In this episode you’ll learn:     



How Storm 2561 uses SEO poisoning to trick users into downloading Trojanized software






The role of trust, urgency, and habit in social engineering tactics




Practical steps organizations can take to block these threats and strengthen defenses




Some questions we ask:    



Why are initial access loaders such a big risk for organizations?




How are threat actors using fake IT help desk calls to gain access?




What steps should defenders take to cut off these entry points?






Resources: 

View Anna Seitz on LinkedIn

View Kelsey Clapp on LinkedIn 

View Sherrod DeGrippo on LinkedIn 



Related Microsoft Podcasts:



Afternoon Cyber Tea with Ann Johnson




The BlueHat Podcast




Uncovering Hidden Risks    






Discover and follow other Microsoft podcasts at microsoft.com/podcasts 



Get the latest threat intelligence insights and guidance at Microsoft Security Insider



The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.
